Installing an SSL Certificate on the modern (> 0.7.14) nginx platform is quite easy. Locate the server block for your website. Add a listen directive for your secure port and add the ssl Add the ssl_certificate directive; the parameter is the full path to » Continue Reading.
Configuring Apache to Disable SSL v 3.0 The Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf, and it is easy to update the Apache web server to disable SSLv3 (and thus protect your websites » Continue Reading.
House of Cards a Solid Foundation for Netflix Netflix HTTPS Coming Soon Prices for Netflix stock have been going up because the company is doing so well, especially with the coveted 18 to 34 year old demographic. With original programming like House of Cards, Orange » Continue Reading.
Gobs of Routers Found to Be Vulnerable to FREAK Attack Leave it to the Brits. Some researchers from Royal Holloway of the University of London were curious about how many devices they could find on the internet that were still vulnerable to a FREAK attack. The » Continue Reading.
A protocol is simply a set of rules or instructions that determine how to act or interact in a given situation. A cryptographic protocol is designed to allow secure communication under a given set of circumstances. The cryptographic protocol most familiar to internet users is » Continue Reading.
Microsoft, Google and Mozilla have all announced various plans to stop supporting SHA-1 SSL certificates after January 1, 2017. As a result, SSL.com began issuing SSL certificates using only SHA-2 (aka SHA-256) as the default hashing algorithm starting September 24, 2014. There are no special flags » Continue Reading.
Black Friday and Cyber Monday are almost here, so we thought we’d share some tips to make sure you stay safe whether you’re shopping online or offline in the real world. If you remember, quite a few large box stores, including, ironically, Target, were compromised » Continue Reading.
Earlier this week, Chad Brubaker, Android Security Engineer, posted to the Google Online Security Blog about nogotofail, a new tool Google is releasing to help people test whether or not their network is safe and secure. Lucian Constantin at Info World has a decent write-up about nogotofail, but » Continue Reading.
SHA1 SSL Certificates This is a question we get frequently, so we thought we’d put together a page that explains why some testing sites are starting to flag SHA1 as “weak.” Various SSL Labs sites are available that will give you a rundown of what you’re » Continue Reading.