ShatterDOC Original Material

Sunday, March 22, 2015

Apple and Android Apps STILL Vulnerable to FREAK


Article by: Pierluigi Paganini
Pierluigi Paganini is Chief Information Security Officer at Bit4Id,

"FireEye firm has published the report that reveals a disconcerting reality, despite vendors issued patches for Android and iOS, several apps are still vulnerable to FREAK attacks when connecting to servers that accept RSA_EXPORT cipher suites. Many iOS apps are still vulnerable to FREAK attack despite Apple has recently released the iOS 8.2 version for its mobile devices."

http://securityaffairs.co/wordpress/35052/hacking/mobile-apps-vulnerable-freak.html

Snowden-approved: The ‘Citizenfour’ hacker’s toolkit

EXTREMETECH | MARCH 20, 2015

The end credits of Citizenfour, the recent Academy Award-winning documentary about Edward Snowden, gave thanks to various security software programs. If you've wanted to take steps to secure your own information, but were uncertain where to start, this article should get you headed in the right direction.

Are Your Beliefs Sabotaging You? | Nerd Fitness



This article is a bit off the document security topic but our resident psychologist sent it out to our entire staff.

Read it here:

The article has great advice. I'm gonna paste it on my fridge. It takes just one even little victory to change a life, give hope, make the seemingly impossible possible.

Create that little victory today.  

Then celebrate it. You've started a new life!

And now back to our regularly scheduled blogging - document security!


Premera hit by massive hack that took sensitive data for up to 11M people

Premera Blue Cross revealed today that its networks suffered a massive security breach last year that gave attackers access to personal information from up to 11 million of its customers. The insurance company first found evidence of the attack on January 29, though evidence shows that the initial attack against Premera's systems took place on May 5, 2014.

-------------------

And if that doesn't make you a bit nervous....

2015 Bitglass Cloud Security Report : Security Still Cloud’s Achilles Heel

CLOUD SECURITY ALLIANCE | MARCH 12, 2015
By Christopher Hines, Product Marketing Manager, Bitglass

The cloud. Companies want it, but can they secure it?

"65% of respondents said that data encryption topped the list of the most effective security technology for data protection. It’s also important to note that due to the proliferation of data that is now moving outside of the firewall, 68% of companies believe that a perimeter-based approach to security is no longer the correct strategy for securing data."
---

24 Hours After FREAK, 766 Cloud Providers were Still Vulnerable

CLOUD SECURITY ALLIANCE | MARCH 6, 2015
The Average Company Uses 122 FREAK-vulnerable services 
Article by Sekhar Sarukkai, Co-founder and VP of Engineering, Skyhigh Networks
"[Last] week a group of researchers at INRIA, Microsoft Research, and IMDEA discovered a widespread vulnerability in OpenSSL that has rendered millions of Apple and Android devices vulnerable to man-in-the-middle attacks when they visited supposedly secure websites and cloud services. You can read the detailed description of the vulnerability from the discovering researchers here.
The researchers have dubbed this the “FREAK” vulnerability (CVE-2015-0204) or Factoring Attack on RSA-EXPORT Keys, and it enables attackers to force clients to use older, weaker encryption, known as the “export-grade” key or 512-bit RSA keys."
This is a serious problem folks!
---