Anatomy of a change – Google announces it will double its SSL key sizes
A posting from Naked Security, "Google announces it will double its SSL key sizes":
Google just announced that its HTTPS web pages will be ditching 1024-bit RSA keys in favour of 2048 bits.
“Pah,” I hear you say. “I have one or two questions about that – three questions, in fact.”
- How is this newsworthy when many other web properties have already made the switch to 2048 bits? (Kim “Big Fella” Dotcom’s mega.com.nz, for example.)
- Why switch if 1024 bits is much bigger than the largest RSA key yet known to have been cracked, at 768 bits?
- Why the fuss about 1024 bits anyway, if just 128 bits is considered more than enough for other encryption algorithms, such as AES?
Let’s start at the end: why thousands of bits of RSA key but only hundreds for AES?
To read more click here:
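The question the excerpt ends on has a quantitative answer: breaking AES means trying every key, so the work is 2^(key bits), while breaking RSA means factoring the modulus, and the best known method (the General Number Field Sieve) grows far more slowly than 2^(modulus bits). The added example below (it is not code from the Naked Security article or from Google) evaluates the GNFS running-time estimate L_n[1/3, (64/9)^(1/3)] for common modulus sizes and compares it with the symmetric-equivalent strengths tabulated in NIST SP 800-57 Part 1. The estimate drops the o(1) term, so it lands a few bits above the calibrated NIST figures; the names `gnfs_work_bits` and `rsa_bits_for_strength` are this example's own.

```python
"""Added example (not the article's or Google's code): estimate the work to
factor an RSA modulus, to see why RSA keys need thousands of bits while
AES gets by with 128."""
import math

# Leading constant of the GNFS running time
# L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), c = (64/9)^(1/3).
GNFS_C = (64 / 9) ** (1 / 3)

# NIST SP 800-57 Part 1: symmetric-equivalent strength of RSA modulus sizes,
# used only for comparison with the asymptotic estimate.
NIST_SP800_57 = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the GNFS work to factor a modulus of the given size.
    Asymptotic formula with the o(1) term dropped, so it overestimates
    slightly; the growth rate is the point."""
    ln_n = modulus_bits * math.log(2)
    ln_work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)


def rsa_bits_for_strength(target_bits: int) -> int:
    """Smallest modulus size (rounded up to a 256-bit boundary) whose
    estimated GNFS work is at least 2**target_bits. Bisection works because
    the estimate is monotone in the modulus size."""
    lo, hi = 256, 65536
    while lo < hi:
        mid = (lo + hi) // 2
        if gnfs_work_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return -(-lo // 256) * 256


def compare_table(sizes=(512, 768, 1024, 2048, 3072, 4096)):
    """(modulus bits, GNFS estimate in bits, NIST figure or None) per size."""
    return [(b, round(gnfs_work_bits(b), 1), NIST_SP800_57.get(b)) for b in sizes]


if __name__ == "__main__":
    print(f"{'RSA bits':>9} {'GNFS est.':>10} {'NIST 800-57':>12}")
    for bits, est, nist in compare_table():
        print(f"{bits:>9} {est:>10} {nist if nist else '-':>12}")
    # Brute force on AES-128 is 2**128 trials; RSA-1024 is nowhere near that.
    print("AES-128 brute force: 128.0 bits")
    print("RSA size matching AES-128 by this estimate:", rsa_bits_for_strength(128))
```

Running it shows the shape of the argument: going from 768 to 1024 bits adds only about ten bits of security, 2048 bits lands near the 112-bit level that NIST calls adequate past 2013, and matching AES-128 needs a modulus in the 2560 to 3072-bit range. Doubling an RSA key does not double its strength, which is exactly why RSA sizes are quoted in the thousands.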
Phishers try flattery with Facebook Page owners
An interesting article in Naked Security, "Phishers try flattery with Facebook Page owners":
Beware, fanboys and fangirls: phishers are targeting Facebook Page owners with a bogus message supposedly sent from Facebook Security.
According to Hoax-Slayer, the scam claims that Facebook is rolling out a new security feature to protect Page owners.
This supposed new security feature is dubbed the “Fan Page Verification Program”.
It does a nice job of flattering suck-up to entice victims into coughing up their Facebook login details, telling targets that they’ve had ever so many stolen Pages lately, and they simply can’t think of what to do about it except just, well, throw up their hands and Delete them all – yes, Delete those bad, bad Pages, with a capital “D”.
To read more click here:
Focused Black Hat 2013 Trainings Examine Incident Response, Malware
A posting from Dark Reading in its Security Management section:
Verizon’s 2013 DBIR indicates that 40% of breaches involved malware, and rapid analysis often falls to incident responders. Malware Analysis: Black Hat Edition provides a rapid intro to the tools and methodologies of Windows malware analysis. Attendees will learn how to observe malware’s actions through disassembly and debugging, extract host- and network-based indicators, and zero in on the Windows APIs most used by malware authors. Hands-on labs will abound, and everyone will receive a copy of Mike Sikorski’s “Practical Malware Analysis.”
Despite the staggering number of reported breaches in the past year, the typical IT staffer lacks the necessary and specialized training to properly respond. Digital Forensics and Incident Response takes up that slack, offering attendees both the theory behind digital forensics and hands-on experience with real-life situations and evidence. Upon the Training’s completion, students will be able to effectively preserve and analyze a large number of digital evidence sources, skills that are immediately useful in a number of investigative scenarios.
To read more click here:
BIOS Bummer: New Malware Can Bypass BIOS Security
A posting from Dark Reading in its Vulnerability and Threat section:
As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from The MITRE Corp. say that the current approach relies too heavily on access control mechanisms that can easily be bypassed.
The researchers are taking their message to Black Hat USA later this summer in a talk where they plan to unveil new malware proofs-of-concept that can trick an endpoint’s Trusted Platform Module (TPM) chip into thinking the BIOS firmware is clean and can persist in the BIOS even after it has been flashed, reset, or updated.
To read more click here:
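To see why the MITRE argument bites, it helps to walk through what a measured-boot verifier actually checks. A TPM PCR cannot be written, only extended (new = H(old || digest)), so a remote verifier replays the boot event log and compares the result with a golden value. That check is only as good as the code that produced the digests: if the first measuring agent in the chain is itself compromised, it can record the known-good digest no matter what firmware is really running, and the replay matches. The added example below (not MITRE's proof-of-concept, nor code from the Dark Reading article) simulates a SHA-256 PCR bank and runs that scenario; the firmware images, the `honest_measurer`/`lying_measurer` names and the single-event log are constructed for illustration.

```python
"""Added example (not MITRE's or the article's code): replaying a measured-
boot event log into a PCR, and showing why a compromised measuring agent
passes the check. Images and digests below are constructed samples."""
import hashlib

PCR_BANK = hashlib.sha256      # TPM 2.0 SHA-256 bank; TPM 1.2 uses SHA-1
DIGEST_LEN = 32


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). Values can only be appended,
    never set, which is what lets a verifier replay the log."""
    return PCR_BANK(pcr + digest).digest()


def replay_log(event_digests) -> bytes:
    """Recompute a PCR from the digests recorded in the boot event log."""
    pcr = b"\x00" * DIGEST_LEN   # static PCRs reset to all zeros at power-on
    for d in event_digests:
        pcr = pcr_extend(pcr, d)
    return pcr


def honest_measurer(firmware_image: bytes) -> bytes:
    """A trustworthy root of trust for measurement hashes what it will run."""
    return PCR_BANK(firmware_image).digest()


def lying_measurer(firmware_image: bytes, claimed_digest: bytes) -> bytes:
    """A compromised measurer records whatever digest it likes, regardless
    of the image. Flash write protection is what is supposed to rule this
    out, which is the assumption the MITRE talk attacks."""
    return claimed_digest


# Constructed sample images; on a real machine this is the BIOS region of SPI flash.
GOOD_BIOS = b"vendor BIOS v1.07 -- constructed sample image"
EVIL_BIOS = b"vendor BIOS v1.07 -- constructed sample image + implant"

# The verifier keeps a golden PCR0 recorded from a known-good boot.
GOLDEN_PCR0 = replay_log([honest_measurer(GOOD_BIOS)])


def attest(event_digests, golden=GOLDEN_PCR0) -> bool:
    """Remote-attestation check: does the replayed log match the golden PCR?
    A real verifier also validates the TPM's signed quote over the PCRs,
    which proves the PCR value but not how the digests were obtained."""
    return replay_log(event_digests) == golden


def scenarios() -> dict:
    """Three boots as the verifier sees them."""
    return {
        "clean, honest measurer": attest([honest_measurer(GOOD_BIOS)]),
        "infected, honest measurer": attest([honest_measurer(EVIL_BIOS)]),
        "infected, measurer lies": attest(
            [lying_measurer(EVIL_BIOS, honest_measurer(GOOD_BIOS))]),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:28s} -> {'PASS' if ok else 'FAIL'}")
```

The second scenario fails as intended, but the third passes: an implant that has already replaced the measurer can keep reporting the original firmware's digest, and nothing in the TPM or the verifier can tell the difference. Signed quotes do not help, because the TPM faithfully signs the values it was given. That is the sense in which the 800-155 model depends on access control (flash write protection, signed updates) rather than on the measurements themselves, and why persistence through a reflash is the part of the MITRE result worth worrying about.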
Twitter launched “Login Verification” feature after the Non-Stop Hijacking of accounts by Pro-Assad Hackers
An article taken from HackersNewsBulletin.com:
After a series of attacks on Twitter accounts, Twitter launched its new verification service, “Login Verification”. This step was taken by Twitter too late, because many high-profile Twitter accounts had already been hijacked by hackers, including AP, The Onion, E-Online, BBC, Guardian, Financial Times and, the latest, The Telegraph.
Attacks were not limited to media outlets, with two of FIFA’s Twitter accounts having been hacked in April, for which the Syrian Electronic Army also claimed responsibility.
Read the rest here.
10,000 Facebook accounts hacked by Hackers through distributed Malicious links
An interesting Facebook-related post by our content partners at HackersNewsBulletin.com: