• Firefox to Block Mixed Content

    Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.

        in Secure Browsing, SSL, SSL Deployment
    0
  • Stopping CRIME Attacks

    This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression is used in SPDY, which

        in Secure Browsing, SSL
    0
  • Why Your Browser Matters

    Over the past couple of weeks, the Online Trust Alliance (OTA) and Microsoft have launched campaigns promoting the use of modern browsers. OTA’s campaign, “Why Your Browser Matters,” provides tools and resources to help website operators provide user education on the value of keeping browsers current. What appears to be complementary to the OTA campaign is the Microsoft announcement of

        in Secure Browsing, SSL
    0
  • Addressing Mixed Content Vulnerabilities

    I fail to understand why website operators continue to deploy sites with Mixed Content. Are the following trust dialogues presented to their users not sufficient incentive to correct the problem? Nevertheless, a recent study showed that 22 percent of sites use Mixed Content. Internet Explorer (IE) and Firefox present these security dialogues by default. That means if your site has

        in Secure Browsing, SSL, SSL Deployment
    0
  • Why Your Browser Matters

    Over the past couple of weeks, the Online Trust Alliance (OTA) and Microsoft have launched campaigns promoting the use of modern browsers. OTA’s campaign, “Why Your Browser Matters,” provides tools and resources to help website operators provide user education on the value of keeping browsers current. What appears to be complementary to the OTA campaign is the Microsoft announcement of

        in Secure Browsing, SSL
    0
  • Addressing Mixed Content Vulnerabilities

    I fail to understand why website operators continue to deploy sites with Mixed Content. Are the following trust dialogues presented to their users not sufficient incentive to correct the problem? Nevertheless, a recent study showed that 22 percent of sites use Mixed Content. Internet Explorer (IE) and Firefox present these security dialogues by default. That means if your site has

        in Secure Browsing, SSL, SSL Deployment
    0
Page 1 of 212