Blog Posts Tagged with "TLS"

SSL Wars – Little New Hope

March 28, 2013 Added by: Gary McCully

I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!

Comments  (0)

OTA Advocates Always On SSL

March 05, 2012 Added by: Headlines

Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...

Comments  (0)

Web Authentication: A Broken Trust with No Easy Fix

January 30, 2012 Added by: Infosec Island Admin

Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...

Comments  (0)

Securing Mobile Data Communications

November 17, 2011 Added by: Steven Fox, CISSP, QSA

The selection of encryption algorithms to support a mobile device will be determined by data classification considerations and business requirements. Several vendors in the defense industry are developing FIPS 140-2 validated devices to support applications used by the DoD and NSA...

Comments  (0)

Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by: Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...

Comments  (0)

When is "Secure File Transfer" Not Secure?

October 13, 2011 Added by: Jonathan Lampe

File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...

Comments  (0)

Should You Fear the BEAST?

September 29, 2011 Added by: f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...

Comments  (0)

Microsoft Workaround for the SSL/TLS Vulnerability

September 28, 2011 Added by: Headlines

"If the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site... and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack..."

Comments  (0)

BEAST Emerges: Browser Exploit Against SSL/TLS

September 26, 2011 Added by: Headlines

"Cookie[s] [are] encrypted so that an attacker can't grab it and use it himself on your online banking site and impersonate you. But now they are able to decrypt those cookies on the fly and then hijack that session with the secure site and effectively impersonate you..."

Comments  (3)

Webcast: The State of SSL on the Internet

June 20, 2011 Added by: Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...

Comments  (0)

The FireSheep Dilemma - Encrypt Everything?

November 09, 2010 Added by: Rafal Los

If the release of FireSheep has done nothing else - it has certainly demonstrated to people that HTTPS (encryption) is necessary well beyond the login page. Sounds easy enough right? Just "SSL the whole site"? Actually, no. It's not that simple...

Comments  (5)

Are you Using or Abusing Digital Certificates?

June 28, 2010 Added by: Ron Lepofsky

Digital certificates were originally designed to help authenticate, provide non-repudiation, and to sometimes ensure integrity and confidentiality for written communication. They of course became the rage for securing Internet-based transactions.

Comments  (5)