+1-888-690-2424
  • 2015 – Looking Back, Moving Forward

    This post was originally published on the CA Security Council blog. Looking Back at 2014 End of 1024-bit Security In 2014, the SSL industry moved to issuing a minimum security of 2048-bit RSA certificates. Keys smaller than 2048 are no longer allowed in server certificates. In addition, Microsoft and Mozilla started to remove 1024-bit roots from their certificate stores. Hopefully, the

        in SSL, SSL Deployment
    0
  • POODLE for TLS

    Part 3 of 3 in the Series — Poodle
    The POODLE attack on SSL 3.0 has now been extended to some implementations of TLS. POODLE for TLS can be tracked through CVE-2014-8730. Adam Langley states that “TLS’s padding is a subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause

        in Alerts, SSL
    0
  • Lucky Thirteen TLS Attack

    Nadhem AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London, announced a new TLS/DTLS attack called Lucky Thirteen.

        in SSL, SSL Deployment
    0
  • Summarization of CRIME Attack on SSL

    I’ve written a few blogs on CRIME, but now that Juliano Rizzo and Thai Duong have presented CRIME at Ekoparty 2012, I thought a summary is due. CRIME is short for “Compression Ratio Info-Leak Made Easy.” In their presentation, Rizzo and Duong reminded us that HTTPS provides confidentiality, integrity and authenticity; however, CRIME decrypts portions of an HTTPS message, such

        in Secure Browsing, SSL
    0
  • Lucky Thirteen TLS Attack

    Nadhem AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London, announced a new TLS/DTLS attack called Lucky Thirteen.

        in SSL, SSL Deployment
    0
  • Summarization of CRIME Attack on SSL

    I’ve written a few blogs on CRIME, but now that Juliano Rizzo and Thai Duong have presented CRIME at Ekoparty 2012, I thought a summary is due. CRIME is short for “Compression Ratio Info-Leak Made Easy.” In their presentation, Rizzo and Duong reminded us that HTTPS provides confidentiality, integrity and authenticity; however, CRIME decrypts portions of an HTTPS message, such

        in Secure Browsing, SSL
    0
Page 1 of 3123