Attack
All the major browsers provide “security user interface”, meaning visual elements to inform the user of the security of their connection to the web page they’re visiting. Up until …
FREAK is a new man-in-the-middle (MITM) vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA. FREAK stands for “Factoring RSA-EXPORT Keys.” …
Lenovo is selling computers that contain the Superfish application which “supplements” the user’s SSL sessions to enable their adware application to deliver content transparently; …
In accordance with the CA/Browser Forum Baseline Requirements, effective April 1, 2015, Certificate Authorities (CAs) will no longer be able to issue SSL Certificates with a …
It was recently disclosed that Gogo, a provider of Wi-Fi Internet services on commercial aircraft, has been issuing spoofed SSL certificates for Google sites that were viewed by …
Looking Back at 2014 End of 1024-Bit Security In 2014, the SSL industry moved to issuing a minimum security of 2048-bit RSA certificates. Keys smaller than …
SSL/TLS
The POODLE attack on SSL 3.0 has now been extended to some implementations of TLS. POODLE for TLS can be tracked through CVE-2014-8730. POODLE is not a flaw with the certificate …
The holidays are approaching as quickly as a sleigh pulled by magic reindeer, and every year it seems like the shopping season starts earlier and earlier. In many places, Christmas …
Vulnerability
In October 2014, Google announced POODLE, an SSL 3.0 protocol attack. To bring you up to speed, the SSL/TLS protocol is the most important and popular security protocol on the …
SHA-1 is a cryptographic hash algorithm that is most commonly used today in TLS/SSL certificates on the Internet. It has almost completely replaced older algorithms like MD2, MD4 …
