PHP, Python still fail to spot revoked TLS certificates
In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: …
DROWN attack breaks TLS encryption, one-third of all HTTPS servers vulnerable
There’s a new attack that breaks the communication encryption provided by SSL and TLS and can therefore lead to theft of extremely sensitive data exchanged between users …
Perceptions and buying practices of infosec decision makers
CyberEdge Group surveyed 1,000 IT infosec decision makers and practitioners from 10 countries, five continents, and 19 industries, and unsurprisingly, the news is not good. In …
OpenSSL bug that could allow traffic decryption has been fixed
The OpenSSL Project has pushed out new versions of the widely used OpenSSL cryptographic library, which incorporate patches for two distinct security bugs, and an update of …
SLOTH attacks weaken secure protocols because they still use MD5 and SHA-1
Researchers Karthikeyan Bhargavan and Gaëtan Leurent from INRIA, the French national research institute for computer science, have discovered a new class of transcript …
Ivan Ristic and SSL Labs: How one man changed the way we understand SSL
Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Before that, he was …
SHA-2 encryption will make many sites inaccessible to users who can’t afford newer tech
A group of security researchers has recently announced that it’s highly likely that effective collision attacks that would break SHA-1 encryption will be revealed by the …
Free PCI and NIST compliant SSL test
High-Tech Bridge announced a free online service designed to check SSL/TLS security of a web server. It performs four distinct tests: Test for compliance with NIST Guidelines …
MatrixSSL Tiny: A TLS software implementation for IoT devices
INSIDE Secure announced the availability of MatrixSSL Tiny, the world’s smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably …
OpenSSH bug enables attackers to brute-force their way into poorly configured servers
A vulnerability in the popular secure remote access software OpenSSH can be exploited by attackers to try to brute-force their way into the connection and access …
Mobile SSL failures: More common than they should be
Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS …
Severe OpenSSL bug that allows certificate forgery has been plugged
The wait is over: the OpenSSL Project has issued security updates for the popular open-source implementation of the SSL and TLS protocols, and has shared some details about …