Spyware, Viruses, & Security forum


NEWS - May 12, 2014

by Carol~ Forum moderator / May 12, 2014 5:21 AM PDT
Significant portion of HTTPS Web connections made by forged certificates

"Scientists unearth first direct evidence of bogus certs in real-world connections" [Screenshot]

Computer scientists have uncovered direct evidence that a small but significant percentage of encrypted Web connections are established using forged digital certificates that aren't authorized by the legitimate site owner.

The analysis (pdf) is important because it's the first to estimate the amount of real-world tampering inflicted on the HTTPS system that millions of sites use to prove their identity and encrypt data traveling to and from end users. Of 3.45 million real-world connections made to Facebook servers using the transport layer security (TLS) or secure sockets layer protocols, 6,845, or about 0.2 percent of them, were established using forged certificates. The vast majority of unauthorized credentials were presented to computers running antivirus programs from companies including Bitdefender, Eset, and others. Commercial firewall and network security appliances were the second most common source of forged certificates.

Continued : http://arstechnica.com/security/2014/05/significant-portion-of-https-web-connections-made-by-forged-certificates/

Related: Researchers Quantify Fake Certificates Used in SSL Connections

Teen Arrested for 30+ Swattings, Bomb Threats
by Carol~ Forum moderator / May 12, 2014 6:36 AM PDT
In reply to: NEWS - May 12, 2014

A 16-year-old male from Ottawa, Canada has been arrested for allegedly making at least 30 fraudulent calls to emergency services across North America over the past few months. The false alarms — two of which targeted this reporter — involved calling in phony bomb threats and multiple attempts at "swatting" — a hoax in which the perpetrator spoofs a call about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force.

On March 9, a user on Twitter named @ProbablyOnion (possibly NSFW) started sending me rude and annoying messages. A month later (and several weeks after blocking him on Twitter), I received a phone call from the local police department. It was early in the morning on Apr. 10, and the cops wanted to know if everything was okay at our address.

Since this was not the first time someone had called in a fake hostage situation at my home, the call I received came from the police department's non-emergency number, and they were unsurprised when I told them that the Krebs manor and all of its inhabitants were just fine.

Continued : http://krebsonsecurity.com/2014/05/teen-arrested-for-30-swattings-bomb-threats/

Bitly hackers stole user credentials from offsite database backup
by Carol~ Forum moderator / May 12, 2014 6:58 AM PDT
In reply to: NEWS - May 12, 2014

ESET's "We Live Security" Blog:

Bitly has shed a little more light on the serious security breach it suffered last week.

As you may recall, the URL-shortening service announced last week that it believed the account credentials of Bitly users could have fallen into the hands of hackers, but it fell short of answering how it determined customer privacy had been breached, how securely passwords had been stored, or - indeed - what had actually gone wrong.

Now some of those questions are being answered.

In a follow-up post entitled "More detail", Bitly explains that it believes the hackers did *not* manage to access its production network or servers, but instead accessed the customer database from an offsite backup.

Continued : http://www.welivesecurity.com/2014/05/12/bitly-hackers-stole-user-credentials-offsite-database-backup/

Related: Bitly breach details revealed