Tag Archives: MITM

Bogus SSL Certificates

February 16, 2014 by Bruce Morton     No Comments

Netcraft has published an article stating they have found many bogus SSL certificates. In this case, a bogus certificate is self-signed (i.e., not issued from a legitimate certification authority) and replicates an SSL certificate of a large, popular website. This type of bogus SSL certificate could be used for a man-in-the-middle (MITM) attack. In this [Read More...]

Filed Under: Digital Certificates, SSL Tagged With: MITM, Public Key Pinning, SSL

Why Your Network is Failing to Stop Malware

October 1, 2013 by Entrust, Inc.     No Comments

The network of your enterprise is outfitted with antivirus and firewall software to help safeguard against certain types of malware. This software stops most common strands of malware from entering your system and wreaking havoc on your network and devices. But is it enough? While this type of protection is quite useful for eliminating the [Read More...]

Filed Under: Malware Tagged With: malware, MITB, MITM

Firefox to Block Mixed Content

May 2, 2013 by Bruce Morton     No Comments

Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.

SSL Fingerprints

April 17, 2013 by Bruce Morton     No Comments

GRC has created HTTPS/SSL Fingerprints. This service allows you to check whether or not your enterprise is performing MITM on the SSL secured site that you are trying to reach. It compares the certificate fingerprint to what you would receive to the fingerprint that they receive by going direct. If they are the same, the certificate is authentic and you have no problem. If they are different, then it is likely that someone is performing MITM on your SSL connection.

TURKTRUST Unauthorized CA Certificates

January 4, 2013 by Bruce Morton     No Comments

Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.