Blog Posts Tagged with "TLS"


The Current State of Insecurity: Strategies for Inspecting SSL Traffic

April 17, 2015 Added by: Kasey Cross

Encrypted network traffic improves confidentiality and message integrity, but it also puts organizations at risk. This is because hackers can leverage encryption to conceal their exploits from security devices that do not inspect SSL traffic. Attackers are wising up and taking advantage of this gap in corporate defenses.



SSL Wars – Little New Hope

March 28, 2013 Added by: Gary McCully

I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!



OTA Advocates Always On SSL

March 05, 2012 Added by: Headlines

Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...



Web Authentication: A Broken Trust with No Easy Fix

January 30, 2012 Added by: Infosec Island Admin

Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...



Securing Mobile Data Communications

November 17, 2011 Added by: Steven Fox, CISSP, QSA

The selection of encryption algorithms to support a mobile device will be determined by data classification considerations and business requirements. Several vendors in the defense industry are developing FIPS 140-2 validated devices to support applications used by the DoD and NSA...



Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by: Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...



When is "Secure File Transfer" Not Secure?

October 13, 2011 Added by: Jonathan Lampe

File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...



Should You Fear the BEAST?

September 29, 2011 Added by: f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...



Microsoft Workaround for the SSL/TLS Vulnerability

September 28, 2011 Added by: Headlines

"If the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site... and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack..."



BEAST Emerges: Browser Exploit Against SSL/TLS

September 26, 2011 Added by: Headlines

"Cookie[s] [are] encrypted so that an attacker can't grab it and use it himself on your online banking site and impersonate you. But now they are able to decrypt those cookies on the fly and then hijack that session with the secure site and effectively impersonate you..."



Webcast: The State of SSL on the Internet

June 20, 2011 Added by: Sasha Nunke

The SSL (TLS) protocol is the security backbone of the Internet, but surprisingly little is known about how it is deployed. This session will present the results of the first publicly available survey aimed at assessing the state of SSL. It will also provide documentation and free tools...



The FireSheep Dilemma - Encrypt Everything?

November 09, 2010 Added by: Rafal Los

If the release of FireSheep has done nothing else - it has certainly demonstrated to people that HTTPS (encryption) is necessary well beyond the login page. Sounds easy enough right? Just "SSL the whole site"? Actually, no. It's not that simple...



Are you Using or Abusing Digital Certificates?

June 28, 2010 Added by: Ron Lepofsky

Digital certificates were originally designed to help authenticate, provide non-repudiation, and to sometimes ensure integrity and confidentiality for written communication. They of course became the rage for securing Internet-based transactions.
