Blog Posts Tagged with "SSL"

OTA Advocates Always On SSL

March 05, 2012 Added by:Headlines

Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...

Comments  (0)

Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by:Danny Lieberman

Encryption is a buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)

Researchers Discover Widespread Cryptographic Vulnerabilities

February 15, 2012 Added by:Electronic Frontier Foundation

The consequences of these vulnerabilities are extremely serious. In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server...

Comments  (0)

Twitter Finally Enables HTTPS as a Default Setting

February 14, 2012 Added by:Headlines

Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...

Comments  (0)

VeriSign Hacked - But Why?

February 03, 2012 Added by:Plagiarist Paganini

The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...

Comments  (0)

Web Authentication: A Broken Trust with No Easy Fix

January 30, 2012 Added by:Infosec Island Admin

Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...

Comments  (0)

Cyber Defense: Welcome to 2012 and Interesting Times

January 05, 2012 Added by:Cyber Defense Weekly

2011 was the year that state sponsored hacking finally came to national attention with hundreds of articles exposing the continued industrial and military cyber espionage credited to the likes of China and Russia. We can be sure that 2012 will bring more of the same...

Comments  (0)

Ever-Clearer Vulnerabilities in Certificate Authority System

January 03, 2012 Added by:Electronic Frontier Foundation

At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and users who are browsing them. Though we've known that this system has been flawed for a while now, last year there were two attacks that acutely demonstrated just how brittle it is...

Comments  (0)

Chrome Most Secure? Depends on Your Frame of Reference

December 21, 2011 Added by:Ed Moyle

Until recently Chrome supported SSL 2.0 by default (seems like a major no-no in my humble opinion) and the fact that Firefox is the only one of the big three to have OCSP checking enabled by default. This aspect of "browsing security" is a "score one" for Firefox in my estimation...

Comments  (0)

Consortium Issues Baseline Requirements for SSL

December 20, 2011 Added by:Headlines

"The primary goal of these Requirements is to enable efficient and secure electronic communication, while addressing user concerns about the trustworthiness of Certificates. The Requirements also serve to inform users and help them to make informed decisions when relying on Certificates..."

Comments  (0)

Top Seven Emerging Security Trends from 2011

December 15, 2011 Added by:Headlines

Issues gaining attention over the past year include the weakening of the digital certificate authorities, surges in malware targeting mobile devices, designer malware, and the rash of corporate network breaches - be they by hacktivists, nation-state supported hackers, or criminal syndicates...

Comments  (0)

ENISA Releases DigiNotar Report: Operation Black Tulip

December 06, 2011 Added by:Headlines

"The Diginotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society..."

Comments  (0)

Securing Mobile Data Communications

November 17, 2011 Added by:Steven Fox, CISSP, QSA

The selection of encryption algorithms to support a mobile device will be determined by data classification considerations and business requirements. Several vendors in the defense industry are developing FIPS 140-2 validated devices to support applications used by the DoD and NSA...

Comments  (0)

When is "Secure File Transfer" Not Secure?

October 13, 2011 Added by:Jonathan Lampe

File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...

Comments  (0)

IPv6 - The Death of SSL

October 04, 2011 Added by:Craig S Wright

When IPv6 finally becomes the norm, IPSec will become ubiquitous. It will be deployed far wider than SSL. As for being as good or better than SSL, well SSL is flawed. It was from the start and it remains flawed. This point is moot as it would be difficult to make the protocol worse...

Comments  (10)

Should You Fear the BEAST?

September 29, 2011 Added by:f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...

Comments  (0)
