GnuTLS patches TLS vulnerability that could cause MITM attack

The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.

Continue ReadingGnuTLS patches TLS vulnerability that could cause MITM attack

NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.

Continue ReadingNIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Facebook says Millions of Instagram passwords stored in clear text

Facebook provided an update to a previously disclosed incident involving insecurely storing "tens of thousands" of Instagram users' passwords on internal servers in clear text. Facebook now says that "millions" of Instagram accounts are now impacted.

Continue ReadingFacebook says Millions of Instagram passwords stored in clear text