Information Security News
Google is upgrading the digital certificates used to secure its Gmail, Calendar, and Web search services. Beginning on August 1, the company will start upgrading the RSA keys used to encrypt Web traffic and authenticate to 2048 bits, twice as many as are used now.
The rollout affects the transport layer security (TLS) certificates that underpin HTTPS connections to Google properties. Sometimes involving the secure sockets layer (SSL) protocol, the technologies prevent attackers from reading the contents of traffic passing between end users and Google. They also provide a cryptographic assurance that servers claiming to be Google.com are in fact operated by Google, as opposed to being clones created by attackers exploiting age-old weaknesses in the way the Internet routes traffic.
There are good reasons for Google to upgrade the strength of these crucial digital keys. The weaker the key strength of an RSA key pair, the easier it is for anyone to mathematically derive the "private key." Such attacks work by taking the certificate's "public key" that's published on the website and factoring it to derive the two prime numbers that make up the private key. Once the private key for a Google certificate has been factored, the attacker can impersonate an HTTPS-protected Google server and provide the same indications of cryptographic security as the legitimate service. Someone who was able to derive the secret primes to Google's private key, for instance, would be able to create convincing attacks that would fool many browsers and e-mail clients.
We have seen today a big rise in incoming packets of what appears to be a SQL Slammer attack. Some of the detected packets are:
We have seen a sustained rate in many nodes inside AS13489 and AS27989 of about 25 Mbps. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation is very slow.
Have you seen something like this today on your AS? Let us know!
Climbing the InfoSec Career Ladder
Breaking into the information security field - a male-dominated profession - is a challenge for women. Lisa Xu, CEO of NopSec, identifies the hurdles she's had to overcome and offers strategies for women to grow in their careers. "One of the challenges ...
NGFW Boom Increasing Burden on Infosec Workers
May 24th, 2013 | Author: Doug Woodburn. Editor's note: As part of our special editorial partnership, Channelnomics is publishing this recent article from CRN ...
Posted by InfoSec News on May 24: http://www.theregister.co.uk/2013/05/23/saps_anon_hack/
Posted by InfoSec News on May 24: http://www.timesofisrael.com/anonymous-a-little-less-so-thanks-to-israeli-hackers/
Posted by InfoSec News on May 24: http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/23/should-the-u-s-allow-companies-to-hack-back-against-foreign-cyber-spies/
Posted by InfoSec News on May 24: http://www.zdnet.com/us-government-has-no-idea-how-to-wage-cyberwar-ranum-7000015840/
Posted by InfoSec News on May 24: http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html