man in the middle attack


Nokia: Yes we decrypt your HTTPS data, but don't worry about it

gigaom.com
Nokia has confirmed reports that its Xpress Browser decrypts data that flows through HTTPS connections – that includes the connections set up for banking sessions, encrypted email and more. However, it insists that there’s no need for users to panic because it would never access customers’ encrypted data. The confirmation-slash-denial...

Trustwave Admits It Issued A Certificate To Allow Company To Run Man-In-The-Middle Attacks

www.techdirt.com
We've pointed out for years that the whole structure of SSL certificate-based security is open to attack via man-in-the-middle attacks... if you can somehow get a certificate authority to grant you a fake certificate. Of course, the protection against that was supposed to be that a certificate authority wouldn't do...
Internal DEA document complains it's impossible to intercept iMessages

Nokia Running A Man In The Middle Attack To Decrypt All Your Encrypted Traffic, But Promises Not To Peek

www.techdirt.com
This is a bit crazy. After a security researcher pointed out that Nokia's Xpress Browser is basically running a giant man in the middle attack on any encrypted HTTPS data you transmit, the company played the whole situation down by saying, effectively, sure, that's what we do, but it's not...

Nokia seems to be hijacking traffic on some of its phones, grabbing your HTTPS data unencrypted

thenextweb.com
On Wednesday, security professional Gaurang Pandya outlined how Nokia is hijacking Internet browsing traffic from some of its phones. As a result, the company technically has access to all your Internet content, including sensitive data that is sent over secure connections (HTTPS), such as banking credentials and pretty much any...

Judge Allows FBI To Use Evidence Collected Via Stingray Fake Cell Towers

www.techdirt.com
For the past few years, we've been covering a key DOJ case against Daniel Rigmaiden. Rigmaiden appears to have been involved in some likely fraud, but after asking how the feds tracked him down, it was revealed that they used a fake mobile tower, often referred to as a "stingray"...

In-App Purchase Vulnerability to Be Fixed in iOS 6; Apple Offers Best Practices to Developers

www.macrumors.com
As noticed by 9to5Mac, Apple has offered developers a series of best practices to prevent the In-App Purchase vulnerability, as well as promising a full fix in iOS 6. The advisement was sent to developers in an email today. CNET was issued this statement by Apple: "We recommend developers follow best...

WoW authenticators bypassed by middlemen hackers

www.theregister.co.uk
Your shiny weapons are no good here. Crooks have developed a man-in-the-middle attack designed to circumvent authentication kit used by dedicated World of Warcraft gamers...

Apple gives developers access to its private API to prevent in-app purchase exploit, says fix coming in iOS 6

thenextweb.com
Apple has provided developers with a new document today that outlines a method for preventing the recent in-app purchase exploit that allowed free transactions. We’ve spoken to developers that have reviewed the document and its contents are singular in that Apple gives permission to use code from its private API...

Law Enforcement Appliance Subverts SSL

www.wired.com
That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think it means. Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s...
5 Ways To Protect Your Public Internet Use
T-Mobile Wi-Fi calling vulnerability could have let attackers listen in on calls

Security Loophole In Facebook's Camera App Allowed Hackers To Hijack Accounts Over WiFi

techcrunch.com
PSA to all Facebook Camera users on iOS: If you haven’t updated your app in the past few days, update it now. The older version of the app, pre-1.1.2 and released before December 21, has a security loophole. When used over WiFi networks, malicious hackers can tap the network and hijack Camera...

Microsoft tweaks Skype to facilitate wiretapping

www.extremetech.com
VoIP, the voice-over-IP communications technology that is slowly making POTS landlines obsolete. SIP providers, VoIP applications, and messaging platforms all utilize VoIP to provide voice calling on PCs, phones, and mobile devices. One of the most popular VoIP applications is the Skype messaging service. Skype uses a peer-to-peer network of...

‘Nightmare’ scenario: Flame virus spreads by hijacking Microsoft’s Windows Update

www.geekwire.com
The fake digital signature that helped the virus spread by appearing to come from Microsoft. (Kaspersky Lab) Windows Update is Microsoft’s tried-and-true method of distributing security patches to protect computers around the world from malicious code. However, researchers investigating the mysterious Flame virus have discovered that it can spread by...

How a flaw in Apple's in-app purchase process enabled more than 30,000 illegal virtual transactions

thenextweb.com
Exclusive. Earlier today a method came to light that allows Apple device users to ‘purchase’ any kind of in-app content for free. The content can be obtained without “hacking” the device and cannot be prevented by developers using Apple’s recommended receipt signing procedures, as has been widely suggested. The method for stealing...

As promised, Kim Dotcom starts payouts for Mega vulnerability reward program: Seven bugs fixed in first week

thenextweb.com
If you’re a hacker or a security researcher, this is a reminder that you don’t have to take on Google’s or Mozilla’s software to get paid for finding a bug. In its first week, the Mega vulnerability reward program has already confirmed and fixed seven bugs, showing that Dotcom really...

Sloppy App Development Leaves Android Owners At Risk

readwrite.com
An analysis of thousands of apps found nearly 8% of them are vulnerable to what's called a man-in-the-middle attack. That's when a hacker intercepts data between the app and a Web server. Developers prevent this type of digital eavesdropping by implementing a cryptographic protocol called a secure sockets layer of...

DOJ Misled Judges For Years About How It Was Using Stingray Devices To Spy On People

www.techdirt.com
How many times does it need to be repeated? If you give law enforcement the ability to spy on people -- even with limits -- law enforcement will always blow through those limits and abuse its powers. It happens over and over and over again. And that becomes doubly true...

Nokia caught decrypting HTTPS traffic - for your own good

www.extremetech.com
Whoops. Nokia's been caught decrypting HTTPS traffic on their Asha/Lumia phone series and configuring phones not to report what amounts to a man-in-the-middle attack. Nokia claims this is part of providing better service, but circumventing security isn't the way to make that happen -- even if the company doesn't store...
Flame malware hijacks Windows Update to spread from PC to PC

A Contrarian Futurist

allthingsd.com
The Churchill Club recently asked a handful of VCs to share a couple of non-obvious technologies that we expect to disrupt markets over the next five years. Here are my two predictions. EyePhones will Replace iPhones Remember MS-DOS commands, and the WordStar keystroke combinations we had to memorize? Then the...

Turkish government agency spoofed Google certificate "accidentally"

arstechnica.com
Microsoft has released a security advisory concerning a fraudulent digital certificate for all Google domains apparently created by the Turkish government. The certificate, which was created by a subsidiary Certificate Authority issued to the transportation directorate of the city government of Ankara, could have been used to intercept SSL...