Tag Archives: Microsoft

Microsoft Warns of Malicious RTF Files, Remote Code Execution

March 27, 2014 by Entrust, Inc.     No Comments

On Monday, Microsoft issued a security advisory (2953095) notifying IT professionals and end-consumers of a vulnerability affecting “supported versions of Microsoft Word.” Per the advisory, specific rich text files (.RTF) that can be opened or previewed using many Microsoft software products, specifically Microsoft Word (2003-2013) and related service packs, could leave users vulnerable to remote code [Read More...]

Filed Under: General Tagged With: rtf

Moving to TLS 1.2

February 10, 2014 by Bruce Morton     No Comments

In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in RFC 5246 in August 2008 and is the most secure version of the SSL/TLS protocol. Although TLS 1.2 has been available for a few years, it is not well deployed. SSL Pulse indicates that [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: CBC, How's My SSL, Microsoft

SHA-1 Deprecation, on to SHA-2

December 9, 2013 by Bruce Morton     1 Comment

We have previously reviewed implementation of SHA-2, but with Bruce Schneier stating the need to migrate away from SHA-1 and the SHA-1 deprecation policy from Microsoft, the industry must start to make some progress in 2014. Web server administrators will have to make plans to move from SSL and code signing certificates signed with the [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: Code Signing, Microsoft, SHA-1

SSL Certificates without Non-FQDNs

February 21, 2013 by Bruce Morton     1 Comment

The CA/Browser Forum decided to mitigate the risk by deprecating the issuance of certificates with non-FQDNs.

Lucky Thirteen TLS Attack

February 5, 2013 by Bruce Morton     No Comments

Nadhem AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London, announced a new TLS/DTLS attack called Lucky Thirteen.

Yahoo turning on SSL

January 17, 2013 by Bruce Morton     No Comments

Yahoo is jumping on the SSL bandwagon to help secure their users’ email.

Filed Under: Secure Browsing, SSL Tagged With: Gmail, Google, Microsoft

TURKTRUST Unauthorized CA Certificates

January 4, 2013 by Bruce Morton     No Comments

Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.

Android SSL Problems

November 1, 2012 by Bruce Morton     No Comments

There have been a lot of articles written recently about Android SSL problems for applications, which were recently reported by German university researchers.

Stopping CRIME Attacks

September 13, 2012 by Bruce Morton     No Comments

This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression [Read More...]

Certificate Key Lengths: Bigger is Better

September 7, 2012 by Scott Shetler     No Comments

As previously discussed, Microsoft issued a security advisory announcing they will block keys that are less than 1024 bits long. This feature will appear in an update for supported versions of Microsoft Windows (not affecting Windows 8 or Windows Server 2012; the functionality is already there) and, of course, you have to upgrade to this [Read More...]