Blog Posts Tagged with "TLS"
March 28, 2013 Added by:Gary McCully
I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!
March 05, 2012 Added by:Headlines
Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...
January 30, 2012 Added by:Infosec Island Admin
Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...
November 17, 2011 Added by:Steven Fox, CISSP, QSA
The selection of encryption algorithms to support a mobile device will be determined by data classification considerations and business requirements. Several vendors in the defense industry are developing FIPS 140-2 validated devices to support applications used by the DoD and NSA...
October 15, 2011 Added by:Spencer McIntyre
EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...
October 13, 2011 Added by:Jonathan Lampe
File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...
September 29, 2011 Added by:f8lerror
September 28, 2011 Added by:Headlines
"If the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site... and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack..."
September 26, 2011 Added by:Headlines
"Cookie[s] [are] encrypted so that an attacker can't grab it and use it himself on your online banking site and impersonate you. But now they are able to decrypt those cookies on the fly and then hijack that session with the secure site and effectively impersonate you..."
June 20, 2011 Added by:Sasha Nunke
The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...
November 09, 2010 Added by:Rafal Los
If the release of FireSheep has done nothing else - it has certainly demonstrated to people that HTTPS (encryption) is necessary well beyond the login page. Sounds easy enough right? Just "SSL the whole site"? Actually, no. It's not that simple...
June 28, 2010 Added by:Ron Lepofsky
Digital certificates were originally designed to help authenticate, provide non repudiation, and to sometimes ensure integrity and confidentiality for written communication. They of course became the rage for securing Internet based transactions.
Education Sector is Failing Security... Mike Erik on 01-26-2015
Paying Lip Service (Mostly) to User Educatio... Mike Erik on 01-26-2015
Join the Security Intelligence Network on Li... Robin Joan on 01-25-2015