On Tuesday December 12, 2017 researchers Hanno Böck and Juraj Somorovsky announced a “new but old” vulnerability (The ROBOT Attack) found from certain TLS implementations. The vulnerability is (based on current knowledge) limited to certain TLS implementations and based on current information available most of TLS or RSA implementations are not affected.
First, some history:
A while back I was thinking of switching my old car to something modern and went to a car shop of one of the modern era’s most advanced car makers. There I got a great speech about how connected cars deliver more value throughout the car ownership cycle by delivering constant updates that positively affect safety, performance and overall driving experience without the need for additional investment
A researcher from the KU Leuven university in Belgium published a white paper of his research on Monday and disclosed severe vulnerabilities in the WPA2 protocol used commonly in the modern WiFi networks. The attacks introduced in the whitepaper work also against the older WPA protocol. In practise both the WiFi authentication can be bypassed for arbitrary access and the WiFi encryption can be brok
Remember the days when software developers did not worry about release deadlines? Neither do I. Brutal competition and innovation inevitably drives companies to add complex features to their products, without the luxury of extending product release deadlines.
This the first part of our blog series "Things that security auditors will nag about and why you shouldn't ignore them". In these articles, Nixu's security consultants explain issues that often come up when assessing the security of web applications, platforms and other computer systems.
Two-factor authentication (2FA) is the security feature everyone knows. Any worthwhile security expert takes the opportunity to remind an organization or individual that they should enable two-factor authentication to their services.
But let's trace back a bit. So what does two-factor authentication actually mean? There are three general types of authentication: