Articles Tagged with "SSL"


From the Web

FireSheep

November 16, 2010 from: Rsnake's blog at ha.ckers.org

I [Rsnake] go back and forth on whether I think FireSheep is interesting or not. Clearly, it’s old technology re-hashed. But it is interesting not because it works, but that it surprises people that it works. We’ve been talking about these problems forever, and now companies are scrambling to protect themselves. I guess the threat isn’t real until every newbie on earth has access to the hack...

Comments  (0)


From the Web

HTTP Strict Transport Security

October 06, 2010 from: Mozilla Security Blog

A while ago, we talked about Force-TLS that lets sites say “hey, only access me over HTTPS in the future” and the browser listens. Well, this idea has been solidifed into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release.

Comments  (0)


From the Web

DNSSEC + Certs As a Replacement For SSL’s Transport Security

October 15, 2009 from: Rsnake's blog at ha.ckers.org

RSnake discusses the feasability of using DNSSEC to provide transport-layer security in a more reliable fashion than the current SSL Certificate Authority site authentication model.

Comments  (0)


From the Web

MD5 Weaknesses Could Lead to Certificate Forgery

July 10, 2009 from: Mozilla Security Blog

Researchers have recently found weaknesses in the MD5 hash algorithm, relied on by some SSL certificates. Using these weaknesses, an attacker could obtain fraudulent SSL certificates for websites they don’t legitimately control.

Comments  (0)