Scramble on to fix flaw in SSL security protocol

Thursday, November 5th, 2009

Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet.The flaw lies in the SSL protocol, best known as the technology used for secure browsing on Web sites beginning with HTTPS, and lets attackers intercept secure SSL ...

Cain & Abel v4.9.34 released

Sunday, October 18th, 2009

New in 4.9.34: Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter. Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems. Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder. Added Windows Live ...

SSL Still Mostly Misunderstood

Saturday, October 10th, 2009

Most users ensure their Web sessions are using Secure Sockets Layer (SSL) before entering their credit card information, but less than half do so when typing their passwords onto a Web page, according to a new survey. Just what SSL does and doesn't do isn't clear to many users, and the ...

Carbonite Can Decrypt Your Data

Friday, October 2nd, 2009

Yes, your data is encrypted before it gets sent up to their servers for storage (via an SSL connection), but Carbonite keeps a copy of the decryption key on their servers in case they need to decrypt it for various reasons.  It's stated in their Privacy Policy so it's not ...

SSL trick certificate published

Wednesday, September 30th, 2009

On the Noisebridge hacker mailing list, security specialist Jacob Appelbaum has published an SSL certificate and pertinent private key that together allow web servers to avoid triggering an alert in vulnerable browsers - irrespective of the domain for which the certificate is submitted. Phishers, for example, could use the certificate ...