Skip to main content
banner image
venafi logo

Cookie theft, spyware and why PKI is still cool [Encryption Digest 2]

Cookie theft, spyware and why PKI is still cool [Encryption Digest 2]

cookie theft
April 20, 2019 | Katrina Dobieski


Forget the sophisticated spyware – these days all a hacker need do is install a bit of malware and happen upon some unprotected cookies to snag the keys to a company’s kingdom.


As VPN service providers notice cookies stored in unencrypted memory logs, they are issuing fixes just as fast. Encryption goes both ways as PKI loses zero relevance in the changing landscape of an IoT takeover, and Apple’s Enterprise Program gets abused as dealers roll out invasive apps designed to syphon data. Catch up on what’s trending in encryption news as we scour top headlines to bring you the industry’s latest.


PKI: Why We Won’t Stop Talking About It

Ten years ago, PKI (Public Key Infrastructure) validated information about a specific individual, issuing them a certificate from a trusted third-party Certificate Authority. The CA would use their top-secret private key to validate your public one, issuing a certificate that allowed information to pass through to you, the right person. Your email account wasn’t just hacked.

In today’s world, humans are no longer required to authenticate their every online action. Processes are becoming lean and automated and machines are proliferating like forest bunnies. With IoT devices replacing humans on nearly every level, is PKI still relevant? Read the full article.





Vulnerable VPNs leave Companies Open to Attack

What happens when you don’t lock up the cookies? A security advisory is issued by the US’ Computer Emergency Response Team (CERT) and two major VPN service providers issue immediate patches.

The dilemma came from VPN providers failing to encrypt memory and log files where cookies were stored on client computers. These cookies save usernames and passwords to avoid manual logins. However, with a bit of malware a hacker could use the unprotected cookies to gain access to the VPN, running all the same applications as the user. F5 was previously a victim of this type of vulnerability, since patching the problem and suggesting two-factor authentication for any lingering complications. Read the full article.


Apple’s Enterprise App Leveraged for Spyware

The Enterprise Program and its lowered permissions were originally designed to give companies leeway to create “proprietary in-house apps” for their employees; now shady developers marketplace illegal downloads, bootlegged games and data-harvesting grime.

Of primary concern is a stalkerware app linked to surveillance developer Conexxa. The malware was discovered by Lookout, who linked it to mobile networks in Italy and Turkmenistan. Once installed, it can pick your iPhone clean of contacts, audio, video and real-time location, including dropping in on your phone calls. The use of pinned certificates implicated it as a professionally developed app. Read the full article.

Related Posts

Like this blog? We think you will love this.
Featured Blog

With Rapid Rise in Funds Stolen from DeFi Protocols, Private Keys in Play

Massive heist begins with

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more