6 C
Tuesday, November 21, 2017
Home Tags Public Key

Tag: Public Key

Academic researchers size up weaknesses in the the code-signing Public Key Infrastructure and highlight three types of flaws.
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property(IP),as well as the management of access rights for such IP.

The methods are flawed and,in the most egregious cases,enable attack vectors that allow recovery of the entire underlying plaintext IP.
Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key,among other impacts.
Google says upcoming version of Chrome will deprecate the browser's support for HTTP public key pinning.
Google wrote the HTTP public key pinning standard but now considers the web security measure harmful.
No home in Chrome Google is abandoning a next-generation web crypto technology it initially championed.…

Bad Rabbit ransomware

On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit.
It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine.
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs,which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library.

This vulnerability is often cited asROCAin the media.
Factorization weakness lets attackers impersonate key holders and decrypt their data.
Since deleted, post gave public and private key for Adobe incident response team.
Sure, theoretically it offers a lot of protection, but get it wrong...
Security researchers have endorsed industry guru Scott Helme's vote of no confidence in a next-generation web crypto technology.…

No Free Pass for ExPetr

Recently, there have been discussions around the topic that if our product is installed, ExPetr malware wonrsquo;t write the special malicious code which encrypts the MFT to MBR.
Some have even speculated that some kind of conspiracy might be ongoing.… Read Full Article
While the world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed.