Showing results for tags 'ssl'.
Found 7 results

  1. Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year. “Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. In fact, our study found that the amount of phishing attempts per day delivered over SSL/TLS has increased 400 percent from 2016,” said Deepen Desai, senior director, security research and operations.

     Malicious payload distributions

     ThreatLabZ researchers also identified new malicious payload distributions, based on unique payloads hitting the Zscaler Cloud Sandbox, that leverage SSL/TLS for command and control (C&C) activity. Banking Trojans comprised 60 percent of the payloads, including families like Dridex, Zbot, Vawtrak and Trickbot, while 25 percent came from multiple ransomware families. Less popular payloads included Infostealer Trojan families and other miscellaneous families.

     Additional findings

     • The amount of malicious content being delivered over SSL/TLS has more than doubled in the last six months.
     • The Zscaler cloud blocked an average of 12,000 phishing attempts per day delivered over SSL/TLS, an increase of 400 percent from 2016.
     • New, increasingly sophisticated malware strains use SSL to encrypt their C&C mechanisms.
     • Zscaler saw an average of 300 hits per day for web exploits that included SSL as part of the infection chain.
     • The most prevalent malware family leveraging SSL-based callbacks was Dridex/Emotet, which contributed 34 percent of the total unique, new payloads in 2017.

     New malicious payloads leveraging SSL/TLS for C&C activity:
     • 60 percent came from multiple Banking Trojan families (Zbot, Vawtrak, Trickbot, etc.)
     • 25 percent came from ransomware families
     • 12 percent came from Infostealer Trojan families (Fareit, Papras, etc.)
     • 3 percent came from other miscellaneous families.

     Article source
  2. A majority of the top 1 million websites earn an “F” letter grade when it comes to adopting defensive security technologies that protect visitors from XSS vulnerabilities, man-in-the-middle attacks, and cookie hijacking. The failing grades come from a comprehensive analysis published this week by the Mozilla Foundation using its Mozilla Observatory tool. According to a scan of the Alexa-ranked top 1 million websites, a paltry 0.013 percent of sites received an “A+” grade, compared to 93.45 percent earning an “F”.

     The Observatory tool, launched last year, tests websites and grades their defensive posture based on 13 security-related features, ranging from the use of encryption (HTTPS), to exposure to XSS attacks based on the use of X-XSS-Protection (XXSSP), to the use of Public Key Pinning, which prevents a site’s use of fraudulent certificates.

     The silver lining to the bad grades is that in the year since the Observatory tool began grading sites, security has improved. Comparing scans conducted between April 2016 and June 2017, the percentage of sites earning a “B” has jumped 142 percent and the percentage earning a “C” has increased 90 percent.

     “It’s very hard if you’re just someone running a website to make it secure,” said April King, staff security engineer at Mozilla and developer of the Observatory tool. “There are so many different security standards. The documentation for those standards is scattered all over the place. There are not a lot of single resources that are telling you straight-up what you need to do.”

     King said she is encouraged at the pace of improvement when it comes to specific defensive tools. For example, the percentage of sites that support HTTPS has grown 36 percent in the past year. “The number might seem small, but it represents over 119,000 top websites,” she told Threatpost.

     Other security wins include a 125 percent increase in the number of sites that have adopted Content Security Policy (CSP), a browser feature that fends off Cross Site Scripting (XSS) and data injection attacks. Another win has been a 117 percent increase in adoption of Subresource Integrity (SRI), a verification feature that ensures that when a browser fetches resources from third parties, such as a content delivery network, the content has not been manipulated in transit. However, despite triple-digit growth in both CSP and SRI adoption, less than one percent of sites have adopted these security features.

     King concedes that achieving a secure website configuration, using all the technologies developed in recent years by browser makers, is not easy. “I’m extremely optimistic. With tools that are free and easy to use, like Observatory, we can begin to see a common framework for building websites. This type of tool is pushing awareness back into the tool chain and making it very easy for people to implement,” King said.

     King likens Observatory to Qualys SSL Labs’ SSL Server Test, a free tool that analyses the configuration of SSL web servers. Observatory goes well beyond checking a website’s TLS implementation and checks for 13 different web security mechanisms. The scoring system is based on a 0 to 100 point scheme. Scores don’t just check for the presence of any given technology, but for its correct implementation as well. Observatory is a tough grader, King said, because it’s designed to be a teaching tool to help administrators across the industry “become aware of the myriad technologies that standard bodies and browser companies have designed and implemented to improve the safety of the internet’s citizens.”

     “The fact that so many new sites have started using these technologies recently is a strong sign that we are beginning to succeed in that mission,” she said.

     Article source
  3. Despite 39 percent of businesses suffering an SSL-based attack in 2016, only 25 percent feel confident in their ability to deal with one, according to a new study. The report from cyber security company Radware shows that cyber attacks are becoming the norm, with 98 percent of organizations experiencing some form of attack in 2016. SSL attacks, though, are of particular concern.

     SSL provided the backbone of eCommerce, though the Heartbleed attacks of three years ago have led many companies to switch to alternatives like TLS. For attackers, SSL offers a way to mask attack traffic and thwart malware detection in both network- and application-level threats. The use of SSL makes attacks harder to detect, as many existing solutions don't inspect SSL traffic because of the difficulty of decrypting it. Radware's data suggests SSL attacks have increased by 10 percent over the last year.

     The report's authors note, "SSL is both a blessing and a curse: blessing because it solves the privacy problem and secures the communication of sensitive information; curse because it creates new blind spots and vulnerabilities into an enterprise IT infrastructure."

     In order to protect themselves, Radware says, organizations should aim to decrypt and re-encrypt SSL sessions to enable security inspection of both clear and encrypted traffic while maintaining privacy of content en route. Any SSL inspection solution also needs to be able to selectively forward traffic to one or more security solutions. This needs careful implementation, though, as any solution must dynamically define filters that intercept and open traffic for inspection even if it flows through non-standard TCP ports (such as HTTPS port 443). To avoid turning the SSL traffic inspection solution into a target itself, it must not behave like a proxy or have its own IP address.

     Any solution must also be scalable to cope with varying levels of traffic, and ensure traffic is always forwarded to the fastest-responding available security servers. You can find out much more in the full report, which is available from the Radware website.

     Source
  4. Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its own certificates as a trusted authority. If a user opens Google in their browser, for example, the certificate will appear to come from Kaspersky Anti-Virus Personal Root.

     The problem Ormandy identified is that those internal certificates are laughably weak. "As new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key ... You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial," he writes in the bug report.

     Ormandy's bug report gave, by way of demonstration, a collision between Hacker News and manchesterct.gov: "If you use Kaspersky Antivirus in Manchester, Connecticut and were wondering why Hacker News didn't work sometimes, it's because of a critical vulnerability that has effectively disabled SSL certificate validation for all 400 million Kaspersky users."

     Kaspersky fixed the issue on December 28.

     Source
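     The weakness is the cache key, not MD5 itself: truncating the hash to 32 bits puts the birthday bound at roughly 82,000 entries, after which two unrelated certificates share a slot and one site's cached certificate is handed out for another. The constructed Python below (an added illustration, not code from the bug report or from Kaspersky) reproduces the key scheme the report describes beside an assumed hardened alternative (a full-length hash over length-prefixed fields) and counts how many random certificates each survives before its first collision; the issuer names and serials are made up.

```python
import hashlib
import math
import random

# Constructed demo of the key scheme quoted in the bug report:
# the cache was indexed by the first 32 bits of MD5(serialNumber || issuer).

def weak_key(serial: bytes, issuer: bytes) -> bytes:
    """Key scheme from the report: first 32 bits of MD5(serial || issuer)."""
    return hashlib.md5(serial + issuer).digest()[:4]

def strong_key(serial: bytes, issuer: bytes) -> bytes:
    """Assumed hardened alternative (not the vendor's actual fix): full SHA-256
    over length-prefixed fields, so neither truncation nor a moved field
    boundary lets two distinct (serial, issuer) pairs share a key."""
    enc = (len(serial).to_bytes(2, "big") + serial
           + len(issuer).to_bytes(2, "big") + issuer)
    return hashlib.sha256(enc).digest()

def birthday_expected_trials(bits: int) -> float:
    """Expected number of random inputs before the first collision of a
    `bits`-wide key: sqrt(pi/2 * 2**bits). For 32 bits this is about 82,000."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

# Constructed issuer names; real certificates would carry a CA's DN here.
ISSUERS = [b"CN=Constructed Issuer A", b"CN=Constructed Issuer B", b"CN=Constructed Issuer C"]

def first_collision(key_fn, trials: int, seed: int = 7):
    """Insert `trials` random certificates (128-bit serial, one of ISSUERS) into
    a cache keyed by key_fn. Returns (trial_number, first_cert, second_cert) for
    the first key shared by two distinct certificates, or None if all were unique."""
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    cache = {}
    for n in range(1, trials + 1):
        serial = rng.getrandbits(128).to_bytes(16, "big")
        issuer = ISSUERS[rng.randrange(len(ISSUERS))]
        key = key_fn(serial, issuer)
        prev = cache.get(key)
        if prev is not None and prev != (serial, issuer):
            return n, prev, (serial, issuer)   # a different cert already owns this slot
        cache[key] = (serial, issuer)
    return None

if __name__ == "__main__":
    print(f"expected trials to first 32-bit collision: {birthday_expected_trials(32):,.0f}")
    hit = first_collision(weak_key, 400_000)
    print("32-bit MD5 key:", f"collision after {hit[0]:,} certs" if hit else "no collision")
    print("SHA-256 key:   ", first_collision(strong_key, 400_000) or "no collision")
```

     The same scheme also ignores where `serial` ends and `issuer` begins, so the weak key cannot tell `(b"\x01\x02", b"CN=x")` from `(b"\x01", b"\x02CN=x")`, which the length-prefixed variant does.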
  5. Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the ability to bypass SSL protection for banking sessions by redirecting traffic through the attackers’ own domains.

     The Trojan, which is being called either Dyre or Dyreza by researchers, uses a technique known as browser hooking to intercept traffic flowing between the victim’s machine and the target Web site. The malware arrives in users’ inboxes through spam messages, many of which will look like messages from a financial institution. The list of targeted banks includes Bank of America, Natwest, Citibank, RBS and Ulsterbank. Researchers say that much of the activity from the Trojan so far is in the U.K.

     When a victim opens the attached zip file in a spam message, the malware installs itself on the machine and then contacts a command-and-control server. Researchers at CSIS in Denmark located a couple of the C2 servers and discovered that one of them had an integrated money mule panel for several accounts in Latvia.

     The goal of the malware, of course, is to steal users’ credentials for online banking and other financial sites. Various banker Trojans go about this in different ways, and Dyreza’s creators decided to employ browser hooking to help defeat SSL. “The traffic, when you browse the Internet, is being controlled by the attackers. They use a MiTM (Man in The Middle) approach and thus are able to read anything, even SSL traffic in clear text. This way they will also try to circumvent 2FA,” an analysis by Peter Kruse at CSIS says.

     When users go to one of the targeted financial sites and attempt to log in, the data is intercepted by the malware and sent directly to the attackers. Victims would not have any visual cues that their data is being siphoned off or that the malware is redirecting their traffic to a domain controlled by the attackers, where it is no longer encrypted.

     “Here’s the kicker. All of this should be encrypted and never seen in the clear. By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality your traffic is redirected to the attackers page,” another analysis by Ronnie Tokazowski of PhishMe says. “To successfully redirect traffic in this manner, the attackers need to be able to see the traffic prior to encryption, and in the case of browsers, this is done with a technique called browser hooking. No DNS queries were performed for the c1sh Bank of America domain, suggesting the attackers simply appended this to the Host field in the network traffic.”

     The Dyreza malware has the ability to hook Google Chrome, Mozilla Firefox and Internet Explorer.

     Source
  6. The movement by technology companies to encrypt their respective corners of the Internet continues to gain steam as more and more are enabling SSL and other encryption technologies such as Perfect Forward Secrecy to ward off surveillance and enhance the privacy and security of user data. WordPress on Thursday became the latest to promise to encrypt its traffic by default. The popular blog and content management platform said it plans to have all wordpress.com subdomains served only over SSL by the end of 2014.

     “In the face of intrusive surveillance, we believe that everyone in the tech community needs to stand up and do what they can, starting with their own sites and platforms,” said Paul Sieminski, general counsel at Automattic, parent company to WordPress, Cloudup, Simplenote and other web-based development platforms.

     The announcement came on the anniversary of the first news reports describing the depths of NSA surveillance, also known as Reset the Net day, a coordinated movement urging websites to encrypt traffic using SSL, HSTS and PFS, urging applications to also deploy SSL and certificate pinning, and promoting privacy tools such as Tor for users interested in keeping Web traffic private.

     Despite yesterday’s announcement, WordPress remains a laggard among its technology provider peers. According to the Electronic Frontier Foundation’s running tally on encryption, called Encrypt the Web, WordPress does not support HTTPS Strict, also known as HSTS, nor does it support STARTTLS. The EFF was also unable to determine whether WordPress supports Perfect Forward Secrecy, or whether it encrypts data center links. Experts believe that web and application developers should treat Perfect Forward Secrecy and HSTS as default encryption technologies in any new deployment.

     HSTS is a policy declaration that browsers, for example, may interact with a site only over HTTPS connections; Perfect Forward Secrecy ensures that the private session keys securing an encrypted connection are random, so that if one is compromised, it cannot be used to compromise other messages at a future time. “Intercepted encrypted data is protected from prying eyes long into the future, even if the website’s secret key is later compromised,” said Parker Higgins, an EFF activist, last November.

     Privacy and security advocates have long urged technology companies to encrypt traffic in order to secure communication and make government surveillance that much more difficult. The NSA’s efforts have long been facilitated by laggard technology companies that were lax in encrypting not only traffic streams, but also links between data centers, which the NSA hacked in order to intercept email and other data on Yahoo and Google users. Both companies have since encrypted those links.

     “Just as troubling as the [Snowden] revelations themselves is the fact that since last summer, little if anything has changed,” Automattic’s Sieminski said. “Despite a lot of rhetoric, our three branches of government in the United States have not made many concrete steps toward truly protecting citizens from unchecked government surveillance.”

     WordPress is not alone in failing to encrypt data center links; according to the EFF, other large providers such as Amazon, Apple, AT&T, Comcast, Foursquare, LinkedIn and Verizon do not either. “If we’ve learned anything over the past year, it’s that encryption, when done correctly, works,” Sieminski said. “If we properly encrypt our sites and devices, we can make mass surveillance much more difficult.”

     Source
  7. Ponting

     SSL Eye v1.0

     SSL Eye is a unique tool that detects SSL man-in-the-middle spying by comparing the SSL fingerprints of one or more sites across many remote nodes, owned and managed by EEDS and located in different countries such as Singapore, the USA and the Netherlands, with the fingerprint you see through your own local ISP. Additionally, the tool will tell you whether the site is using Extended Validation (EV) certificates, and whether it uses a perfect-forward-secrecy key exchange mechanism such as DHE_RSA or ECDHE_RSA, which is used by Google. We have also implemented global shortcut keys in the application so that you can copy a site from the browser address bar and call it for an instant scan to check whether you are a victim of a Man in the Middle attack (MITM). In such an attack, the attacker listens to your communication channel during the public key exchange and re-sends the keys on your behalf, substituting his own fake keys for the requested ones, so that the two original parties (you and your bank) still appear to be communicating with each other.

     Features
     • Retrieve the fingerprint of any given SSL URL from one or more of the EEDS nodes and compare it with yours.
     • Check if the site is using Extended Validation (EV) certificates.
     • Check if the site is implementing perfect forward secrecy on key exchange.
     • Export results into an HTML report.
     • Sound alerts for invalid certificates.
     • Scan with global keys from the clipboard without user interaction.

     Homepage: https://www.digi77.com/ssl-eye-prism-protection/
     Download Link: http://www.digi77.com/software/ssleye/update/SSLEye_Setup.exe