Infosecurity-magazine.com

Putting TLS Pinning in Your Mobile Apps

For mobile applications, Transport Layer Security (TLS) certificate pinning goes a long way toward building security into an app and enhancing user and data privacy. The successor protocol to Secure ...
WeLiveSecurity

How to avoid certificate pinning in the latest versions of Android

We previously explained how to construct an analysis environment enabling the certificate pinning process to be bypassed in Android applications, in order to be able to examine network traffic and to ...
Threat Post

Mozilla Patching Firefox Certificate Pinning Vulnerability

Mozilla is expected tomorrow to patch a critical certificate pinning vulnerability in Firefox’s automated update process for extensions. Mozilla is expected tomorrow to patch a critical vulnerability ...
Threat Post

Banking Apps Found Vulnerable to MITM Attacks

Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks. Leading US and UK-based ...
Ars Technica

Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs

Audio device maker Sennheiser has issued a fix for a monumental software blunder that makes it easy for hackers to carry out man-in-the-middle attacks that cryptographically impersonate any big-name ...
Ars Technica

Bug that hit Firefox and Tor browsers was hard to spot—now we know why

A recently fixed security vulnerability that affected both the Firefox and Tor browsers had a highly unusual characteristic that caused it to threaten users only during temporary windows of time that ...
InfoQ

Chrome Supports Key Pinning on Android to Improve Security

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...