Malicious code can spy on OpenSSL, Apple CoreTLS, etc
By Thomas Claburn 1 Dec 2018
Crypto boffins have found a way to exploit side-channel information to downgrade most of the current TLS implementations, thanks to ongoing support for outmoded RSA key exchanges.
In a paper published on Friday, “The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations,” co-authors Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom describe an updated version of an attack, first outlined by Swiss cryptographer Daniel Bleichenbacher two decades ago.
Full Article.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software