Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by attackers to extract users' private cryptographic keys.
Researchers Karthikeyan Bhargavan and Gaëtan Leurent from INRIA, the French national research institute for computer science, have discovered a new class of transcript collision attacks that can be leveraged against (supposedly secure) mainstream protocols such as TLS, IKE, and SSH.
Dutch security researcher Guido Vranken has come up with a new attack that could allow attackers to discover the length of a user's password - and therefore make it easier to brute-force it - by analyzing a packet capture of the user's HTTPS traffic.
Kingston released the DataTraveler 2000 encrypted USB 3.0 Flash drive, which offers hardware encryption and PIN protection with access through an onboard alphanumeric keypad.
Representatives of the Tor Project, the non-profit organization that maintains the software needed for using the Tor anonymity network and operates the Onion network, have announced the imminent creation of a bug bounty program aimed at finding and fixing security flaws in the software.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.