+1-888-690-2424
  • Private Trust and Proxies

    With the news of Superfish, Komodia and PrivDog , there has been some interesting discussion on private trust and HTTPS proxies. Private Trust By private trust, I mean the use of private certification authorities (CAs). On the Internet, we use public trust CAs. These CAs are created in accordance with browser certificate policies, are highly secured and are audited on

        in Alerts, PKI, SSL
    0
  • Is Your SSL Server Vulnerable to a FREAK Attack?

    FREAK is a new man-in-the-middle (MITM) vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA . FREAK stands for “Factoring RSA-EXPORT Keys.” As for the “A”, it may be a stand for Apple or Android to be discussed below. The vulnerability dates back to the 1990s, when the US government banned selling crypto software overseas, unless it used

        in Alerts, SSL, SSL Deployment
    0
  • Update – Chrome 41 Release and SHA-1

    When Google Chrome 41 is released, it will treat certificate chains using SHA-1 which are valid past January 1, 2017 as affirmatively insecure. The release date of Chrome 41 is not definitive, but it is expected to be about 6 weeks after Chrome 40. As Chrome 40 was released on January 23, 2015, we expect Chrome 41 to be released

        in Alerts, SSL, SSL Deployment
    0
  • POODLE for TLS

    Part 3 of 3 in the Series — Poodle
    The POODLE attack on SSL 3.0 has now been extended to some implementations of TLS. POODLE for TLS can be tracked through CVE-2014-8730. Adam Langley states that “TLS’s padding is a subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause

        in Alerts, SSL
    0
  • Update – Chrome 41 Release and SHA-1

    When Google Chrome 41 is released, it will treat certificate chains using SHA-1 which are valid past January 1, 2017 as affirmatively insecure. The release date of Chrome 41 is not definitive, but it is expected to be about 6 weeks after Chrome 40. As Chrome 40 was released on January 23, 2015, we expect Chrome 41 to be released

        in Alerts, SSL, SSL Deployment
    0
  • POODLE for TLS

    Part 3 of 3 in the Series — Poodle
    The POODLE attack on SSL 3.0 has now been extended to some implementations of TLS. POODLE for TLS can be tracked through CVE-2014-8730. Adam Langley states that “TLS’s padding is a subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause

        in Alerts, SSL
    0
Page 1 of 4123...»»