+1-888-690-2424
  • HEIST Supports BREACH and CRIME Attacks

    At Black Hat USA 2016, doctoral candidates Mathy Vanhoef and Tom Van Goethem presented HEIST, an SSL/TLS vulnerability. HEIST is short for “HTTP Encrypted Information can be Stolen through TCP-windows.” The attack can be triggered simply by a JavaScript file, which may be hidden in a web advertisement or hosted directly on a webpage. Malicious code can then query a

        in SSL
    0
  • SSL Review: July 2016

    Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust and CA Security Council Entrust Identity ON discussed: HTTPoxy: Another Reason for HTTPS Everywhere CA Security Council discussed: Minimum Requirements for Code Signing Certificates News & Notes Google Experimenting with Post-Quantum Cryptography Tom Ritter on “a bit on certificate transparency gossip” Changes

        in SSL
    0
  • Minimum Requirements for Code Signing Certificates

    It is time for an update on the Baseline Requirements for Code Signing. First the bad news, the new standard was not approved by the CA/Browser Forum due to philosophical differences among some forum members who felt code signing was not in scope with the Forum’s charter. The good news is the document was created in a multi-stakeholder environment and

        in Digital Signature
    0
  • HTTPoxy: Another Reason for HTTPS Everywhere

    Emerging vulnerabilities underscore the argument for creating a safer Internet for everyone including domain owners by using HTTPS Everywhere, as called for by Google in 2014. The HTTPoxy vulnerability sends us yet another signal to use HTTPS Everywhere, including internal sites. Although secure servers are not susceptible to the HTTPoxy vulnerability, administrators should check their unprotected servers. The vulnerability is

        in SSL
    0
  • Minimum Requirements for Code Signing Certificates

    It is time for an update on the Baseline Requirements for Code Signing. First the bad news, the new standard was not approved by the CA/Browser Forum due to philosophical differences among some forum members who felt code signing was not in scope with the Forum’s charter. The good news is the document was created in a multi-stakeholder environment and

        in Digital Signature
    0
  • HTTPoxy: Another Reason for HTTPS Everywhere

    Emerging vulnerabilities underscore the argument for creating a safer Internet for everyone including domain owners by using HTTPS Everywhere, as called for by Google in 2014. The HTTPoxy vulnerability sends us yet another signal to use HTTPS Everywhere, including internal sites. Although secure servers are not susceptible to the HTTPoxy vulnerability, administrators should check their unprotected servers. The vulnerability is

        in SSL
    0
Page 5 of 57««...456...10152025...»»