Today's video covers an Internet of Things (IoT) hack for Star Wars geeks (like me). It's not really dangerous, and probably won't get exploited in the next "cyber war," but it's interesting nonetheless. Watch below to learn more. (Episode Runtime: 2:42) Direct YouTube Link: https://www.youtube.com/watch?v=3YREQah6PXQ EPISODE REFERENCES: Researchers blog post on small … [Read more...]
Lots of Duplicate Keys – Daily Security Byte EP. 183
You've heard me talk about the Lenovo Superfish issue, and Dell's Superfish 2.0. Both these vendors shipped products with identical digital certificates, which makes it easier for attackers to trick these devices into trusting them, if they can get into the path of the devices' communications. Well, the news just got even worse. Watch today's episode to learn about the latest … [Read more...]
Dell Superfish 2.0 – Daily Security Byte EP. 180
Remember Superfish? That was when Lenovo shipped bloatware on their laptops that included the same self-signed root certificate. Once attackers extracted the private key, they could leverage this root certificate to make every HTTPS connection look good, even if it was a fake site. Apparently, Dell made the same mistake. Watch today's video to learn more. Show note: I … [Read more...]
Plane Hacking & Crypto Logjams – WSWiR Episode 153
Are you too busy provisioning new servers and resetting your users' Windows passwords to keep up with information security news? If so, we have a quick solution for you. Learn the most important security issues in under ten minutes with our weekly security review video. Today's episode talks about the latest plane hacking drama, a new cryptographic weakness, and a data breach … [Read more...]
WatchGuard Breaks Logjam and Protects Encrypted Connections
This week, a group of university researchers disclosed a new vulnerability affecting the Diffie-Hellman key exchange. The Diffie-Hellman (DH) key exchange is a cryptographic method for two systems to establish a shared secret over a public communication channel, which they later use to encrypt their communications. Many encryption protocols, including HTTPS, SMTPS, IPSec VPN, … [Read more...]