Developers - Critical flaw alert! Stop using JSON encryption

Well, you know a patch/fix is forthcoming. When is the question? This sounds VERY nasty.

A vulnerability in a JSON-based web encryption protocol could allow attackers to retrieve private keys. Cryptography experts have advised against developers using JSON Web Encryption (JWE) in their applications in the past, and this vulnerability illustrates those very dangers.

Software libraries implementing the JWE, or RFC 7516, specification suffer from a classic Invalid Curve Attack, wrote Antonio Sanso, a senior software engineer at Adobe Research Switzerland and part of the Adobe Experience Manager security team. The JSON Web Token (JWT) is a JSON-based open standard defined in the OAuth specification family used for creating access tokens, and JWE is a set of signing and encryption methods for JWT. Developers using JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) are affected. 

Read more.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • Microsoft and Facebook just laid a 160-terabits-per-second cable 4,100 miles across the Atlantic
    Written by
    Microsoft and Facebook just laid a 160-terabits-per-second cable 4,100 miles across the Atlantic Awesome.. Microsoft, Facebook, and the telecoms infrastructure company Telxius have…
  • iOS 11 is causing massive battery drain problems
    Written by

    Da Boss!

    iOS 11 is causing massive battery drain problems Sometimes, it's a good thing to just wait for the…
    Read more...
  • Meth found in 7-Up in Mexico
    Written by

    Da Boss!

    Meth found in 7-Up in Mexico Meth in 7-Up. What's next? 
    Read more...
  • ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization
    Written by

    Da Boss!

    ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization Ya know, if I was that into Mining I would…
  • CCleaner for Windows "Hacked" - Hackers Hid Backdoor
    Written by

    Da Boss!

    CCleaner for Windows "Hacked" - Hackers Hid Backdoor Welp...I'm s****! I use CCleaner all the time. So much…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.