Archive for ssl

Android apps downloaded over 6.3 billion times still vulnerable to FREAK

A total of 1,228 popular Android apps found in the Google Play store are still vulnerable to a FREAK attack, FireEye says. Research published on Tuesday by the firm’s security team disclosed just how vulnerable both Android and iOS apps still are to the FREAK bug.

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated]

Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

Google reveals major flaw in outdated, but widely-used SSL protocol

Google’s Security Team revealed on Tuesday that the long obsolete, but still all too used, Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw. While SSL 3.0 has been succeeded by Transport Layer Security (TLS) 1.0, TLS 1.1, and TLS 1.