Security News

Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale
2024-11-06 00:01

Data pinched from pwned outside supplier, thief claims. IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.…

Photos: RSA Conference 2024
2024-05-08 11:26

RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event.

From infosec to skunks, RSA Conference SVP spills the tea
2024-05-08 04:03

RSA: Google Enhances its Enterprise SecOps Offerings With Gemini AI
2024-05-06 19:50

Google updates Google Security Operations and more with Gemini AI. Google is combining the security capabilities of information security company Mandiant and malware scanner VirusTotal with Gemini AI and Google's own user and device footprint in a new offering called Google Threat Intelligence. Available May 6 wherever Google Cloud Security is distributed, Google Threat Intelligence uses Gemini AI to get a top-down look at security data, competing with Microsoft's Copilot for Security.

History of RSA Conference. Bruce Schneier. The First ‘Exhibitor’ in 1994.
2024-04-11 05:52

Bruce Schneier was at the first ever RSA Conference in 1991, and he was the first 'exhibitor' in 1994 when he asked Jim Bidzos, Creator of the RSA Conference, if he could sell copies of his book "Applied Cryptography." Bidzos set Schneier up in the hotel lobby where the conference was being held, and the rest is history. Listen to some great RSA Conference memories on this episode of the History of RSA Conference.

Microsoft announces deprecation of 1024-bit RSA keys in Windows
2024-03-18 19:51

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, so the latter takes four billion times longer to factor.

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
2023-11-27 13:18

A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational...

Researchers extract RSA keys from SSH server signing errors
2023-11-19 15:01

A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH connection attempts. A paper published by university researchers Keegan Ryan, Kaiwen He, Nadia Heninger, and George Arnold Sullivan shows that it's possible for a passive network attacker to obtain a private RSA key from SSH servers experiencing faults during signature computation.

New Marvin attack revives 25-year-old decryption flaw in RSA
2023-10-01 14:16

Using standard hardware, the researchers demonstrated that executing the Marvin Attack within just a couple of hours is possible, proving its practicality. Although it highlights a fundamental flaw in RSA decryption, mainly in how padding errors are managed, the Marvin Attack does not have a corresponding CVE because of the variety and complexity of individual implementations.

ROBOT crypto attack on RSA is back as Marvin arrives
2023-09-26 17:00

In a paper titled, "Everlasting ROBOT: the Marvin Attack," Hubert Kario, senior quality engineer on the QE BaseOS Security team at Red Hat, shows that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were previously deemed immune to Daniel Bleichenbacher's widely known attack are vulnerable. "For TLS hosts that use forward secure ciphersuites, the attacker would have to perform a massively parallel attack to forge a server signature before a client would time out during the connection attempt. That makes the attack hard, but not impossible."