Advertisement
Top

DUHK Attack Exposes Gaps in FIPS Certification

October 25, 2017

Via: Threat Post
Category:

Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models.

Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementation errors in admittedly ancient security appliances to trigger a vulnerability known for two decades in a pseudorandom number generator.

Read More on Threat Post

RELATED PUBLICATIONS

The importance of the Vulnerability Operations Centre for cybersecurity
Are passwordless systems the future of authentication?
Info stealer attacks target macOS users

Latest Publications

Google fixed critical Chrome vulnerability CVE-2024-4058
North Korean Hackers Hijack Antivirus Updates for Malware Delivery
AI set to play key role in future phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!