Department of Technology & Information Security

March 10, 2015 at 6:09 am

FREAK Encryption Vulnerability Exposes “Secure” Communications

Posted by in Blog

Recently, a team of researchers found that they could do a protocol degradation attack and force a browser to use the weaker encryption.  Using cloud computing, they were able to crack the encryption in about 8 hours and for a cost of about $100. Once the research team had the encryption keys, they could do “Man-in-the-Middle” (MITM) attacks to capture, read, and even modify “encrypted” communications between the victim and the website. This vulnerability is called “FREAK” for Factoring Attack on RSA-Export Keys

[link to full article]

March 9, 2015 at 1:58 pm

Point-of-Sale Vendor NEXTEP Probes Breach

Posted by in Blog

NEXTEP Systems, a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other food service venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned. The acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’S biggest customers: Zoup, a chain of some 75 soup eateries spread across the northern half of the United States and Canada.

[link to full article]

February 21, 2015 at 8:22 am

Man-in-the-Middle Attacks on Lenovo Computers

Posted by in Blog

It’s not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections. Here’s how it works, and here’s how to get rid of it.

[link to full article]

February 19, 2015 at 7:01 am

12,000 exposed to possible ID theft after Jeb Bush publishes emails

Posted by in Blog

Possible 2016 Republican presidential candidate Jeb Bush has has had to retroactively redact over 12,000 personal details from emails published in the name of transparency. The former Florida governor released the cache of 332,999 emails sent and received during his eight years in office for transparency. However, the files contained around 12,500 personal details of members of Florida’s population, including names, birthdates and social security numbers – what The Guardian describes as “the three pieces of information key to identity theft.”

[link to full article]

© 2015 DTIS: Department of Technology & Information Security