• SSL News from Black Hat and DEF CON 2013

    Every year we review some of the presentations at Black Hat and DEF CON that discuss SSL, TLS and HTTPS. Here is the list from 2013. The Factoring Dead: Preparing for the Cryptopocalypse Download: Slides by Alex Stamos, Tom Ritter, Thomas Ptacek and Javed Samuel This presentation looked into the recent leaps in solving the discrete logarithm problem (DLP) by Joux

        in SSL, SSL Deployment
  • SSL Fingerprints

    GRC has created HTTPS/SSL Fingerprints. This service allows you to check whether or not your enterprise is performing MITM on the SSL-secured site that you are trying to reach. It compares the certificate fingerprint that you receive with the fingerprint that GRC receives by connecting directly. If they are the same, the certificate is authentic and you have no problem. If they are different, then it is likely that someone is performing MITM on your SSL connection.

        in Secure Browsing, SSL, SSL Deployment
  • HSTS RFC Finalized

    HTTP Strict Transport Security (HSTS) has been finalized and published as RFC 6797. The purpose of HSTS is to allow a website to declare to complying user agents that they should interact with it using a secure connection such as HTTPS. In order to implement HSTS, a website must have a statement in its header, such as: Header always set Strict-Transport-Security

        in Secure Browsing, SSL, SSL Deployment
  • Facebook Steps up SSL Game

    A year and a half ago, I wrote a blog, Nice Try Facebook. This was my response to Facebook’s turning on of HTTPS for users. Probably a response to mitigate the new Firesheep attack. (BTW, happy second birthday Firesheep; more than 2.4 million downloads in two years.) My issue with Facebook was the HTTPS feature was off by default. Users

        in Secure Browsing, SSL