Gobs of Routers Found to Be Vulnerable to FREAK Attack Leave it to the Brits. Some researchers from Royal Holloway of the University of London were curious about how many devices they could find on the internet that were still vulnerable to a FREAK attack. The » Continue Reading.
Tag: SSL Vulnerability
We’ve talked a lot about how to secure a website online in the past. Today, we’re going to take a look at information security a little differently. Earlier this year, Moonpig (an electronic greeting card company) got a bit of bad press about their security » Continue Reading.
Microsoft, Google and Mozilla have all announced various plans to stop supporting SHA-1 SSL certificates after January 1, 2017. As a result, SSL.com began issuing SSL certificates using only SHA-2 (aka SHA-256) as the default hashing algorithm starting September 24, 2014. There are no special flags » Continue Reading.
Earlier this week, Chad Brubaker, Android Security Engineer, posted to the Google Online Security Blog about nogotofail, a new tool Google is releasing to help people test whether or not their network is safe and secure. Lucian Constantin at Info World has a decent write-up about nogotofail, but » Continue Reading.
SSL 3.0 Poodle POODLE == (Padding Oracle On Downgraded Legacy Encryption) As you should probably know by now, a somewhat nasty SSL 3.0 bug has been revealed. The news is causing a lot of waves online, but the important question is whether or not a patch » Continue Reading.
Not using SSL / TLS Correctly Can Lead to Vulnerabilities US Computer Emergency Response (CERT) security pro Will Dormann recently told The Register that around 350 apps using Android are failing to validate SSL certificates over secure sockets layer (SSL), which leaves them vulnerable to » Continue Reading.
Yes, Heartbleed came to light months ago, but recent reports have shown that over 30,000 websites are still at risk from the bug that had webmasters and IT staff scrambling when information about it was first released. The process of protecting against the bug was » Continue Reading.
According to the Register, “Another RAT crawls out of the malware drain.” The short article is about a new banking trojan that can steal sensitive data from people using Internet Explorer, Chrome or Firefox browsers. PhishMe and CSIS (Center for Strategic and International Studies) have » Continue Reading.
As you may or may not know, a recent vulnerability known as ‘Heartbleed’ was discovered in an OpenSSL which could theoretically allow an attacker to steal the private keys of SSL certificates.