WEB USERS are at risk of man-in-the-middle (MITM) attacks, security firm Sucuri has warned, after discovering that popular web development languages remain vulnerable to transport layer security (TLS) spoofing and exploitation from revoked certificates.

Sucuri, following up a 2012 academic paper that first highlighted the weaknesses, explained that many of the vulnerabilities have still not been patched, so people is turning into their own servers from sites like www.servermania.com/dedicated-servers-toronto.htm to keep their information and services protected.

“Web developers today rely on various third-party APIs. For example, APIs [that] allow you to accept credit card payments, integrate a social network with your website, or clear your CDN’s cache,” said Securi in a blog post.

“The HTTPS protocol is used to secure the connection with the API server. However, if your web app doesn’t verify the TLS certificate, a malicious person can steal your passwords or your customers’ credit card numbers.

“When implemented correctly, the TLS protocol provides encryption and authentication. The connection between your server and the API server is encrypted using a symmetric cipher (typically AES) so an eavesdropper cannot read your data.

Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about & the new version of FreeNAS packs a lot of features for a point release.

Plus an update on the show and what to expect & we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

Mirai IoT Botnet Co-Authors Plead Guilty

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers.

A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.

Apple Releases iOS 11.2.1 Update With HomeKit Remote Sharing Fix

According to Apple’s release notes, the update re-enables remote access for shared users of the Home app. Apple broke remote access for shared users when implementing a fix for a major HomeKit vulnerability last week.



Process Doppelgänging attack affects all Windows version & evades AV products

Dubbed ‘Process** **Doppelgänging‘ by Tal Liberman and Eugene Kogan of EnSilo, the attack was _demonstrated_during Black Hat Europe 2017 security conference in London earlier today.

Doppelgänging, a fileless code injection technique, works in such a manner that an attacker can manipulate the way Windows handles its file transaction process and pass malicious files even if the code is known to be malicious.

According to security duo “The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine.”

Question? Comments? Contact us here!