Blog keyword search

$150k in cryptocurrency stolen through combined BGP-DNS hijack

A BGP hijack was used to take over some of Amazon's DNS infrastructure, which was then used to serve a phishing site to users of the MyEtherWallet service.
If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP… https://www.virusbulletin.com/blog/2018/04/150-k-cryptocurrency-stolen-through-cominbed-bgp-dns-hijack/

Transparency is essential when monitoring your users' activities

Activity monitoring by security products in general, and HTTPS traffic inspection in particular, are sensitive issues in the security community. There is a time and a place for them, VB's Martijn Grooten argues, but only when they are done right.
The inspection of HTTPS traffic is a sensitive issue among security experts. On the one hand, there are those who argue that this breaks the important end-to-end principle of… https://www.virusbulletin.com/blog/2017/09/transparency-essential-when-monitoring-someone-elses-activities/

VB2017 Small Talk: The encryption vs. inspection debate

At VB2017, Cloudflare's Head of Cryptography Nick Sullivan will give a Small Talk on the intercepting of HTTPS connections by proxies and anti-virus software.
We all know that security often gets in the way of convenience, but sometimes security even gets in the way of security. This is the case, for example, when a decision needs to be… https://www.virusbulletin.com/blog/2017/08/vb2017-small-talk-encryption-vs-inspection-debate/

Security products and HTTPS: let's do it better

A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether?
It is one of the most hotly discussed topics in the security community: is it acceptable for a security product to intercept encrypted HTTP communication (HTTPS) to analyse its… https://www.virusbulletin.com/blog/2017/02/security-products-and-https-lets-do-it-better/

Weak keys and prime reuse make Diffie-Hellman implementations vulnerable

'Logjam' attack possibly used by the NSA to decrypt VPN traffic.
'Logjam' attack possibly used by the NSA to decrypt VPN traffic. A group of researchers have discovered a number of vulnerabilities in the way the Diffie-Hellman key exchange… https://www.virusbulletin.com/blog/2015/05/weak-keys-and-prime-reuse-make-diffie-hellman-implementations-vulnerable/

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello'… https://www.virusbulletin.com/blog/2015/03/freak-attack-takes-https-connections-back-1990s-security/

Tor exit node found to turn downloaded binaries into malware

Tor provides anonymity, not security, hence using HTTPS is essential.
Tor provides anonymity, not security, hence using HTTPS is essential. A security researcher has discovered a Tor exit node that was modifying binaries downloaded through it on the… https://www.virusbulletin.com/blog/2014/10/tor-exit-node-found-turn-downloaded-binaries-malware/

1 in 500 secure connections use forged certificate

For reasons ranging from relatively good, to actual malware.
For reasons ranging from relatively good, to actual malware. Researchers from Facebook and Carnegie Mellon University have published a paper (PDF) in which they show that out of a… https://www.virusbulletin.com/blog/2014/05/1-500-secure-connections-use-forged-certificate/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.