SSL - News, Features, and Slideshows

News

  • Xtra users should change settings to access email: Telecom

    From this Monday (17 March) some Xtra email users may need to change their account settings before they can access their email accounts on third party email clients, as Yahoo and Telecom apply an additional encryption setting to Yahoo Xtra email.

  • Certificate Authorities Form Group to Educate on SSL Best Practices

    Responding to the increasing number of threats aimed at certificate authorities and the ecosystem of trusted online transactions they represent, seven certificate authorities have come together to form an advocacy group to advance security standards and promote best practices.

  • SSL certificate authorities vs. ???

    With all the publicity about breaches of <a href="http://www.networkworld.com/news/2011/081811-ssl-249874.html">SSL certificate authorities</a> and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to.

  • SSL certificate industry should be replaced: security specialist

    The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that.

  • Microsoft offers ideas for users to beat the BEAST threat

    Microsoft is urging customers to update vulnerable versions of SSL to a newer one that is not susceptible to a recently published exploit called BEAST, but in the meantime it recommends steps that lessen the risk of being victimized.

  • Red alert: HTTPS has been hacked

    Only a handful of exploits per decade reveal a vulnerability that is truly significant. Thai Duong and Juliano Rizzo's BEAST (Browser Exploit Against SSL/TLS) attack will rank among them because it compromises the SSL and TLS browser connections hundreds of millions of people rely on every day.
    BEAST cannot break the latest version of TLS &#8212; the current standard based on SSL &#8212; but most browsers and nearly all websites that support secure connections rely on earlier versions of the SSL and TLS protocols, which are vulnerable to BEAST attack. Browser vendors and websites that host secure connections are already scrambling to upgrade to TLS 1.1 or 1.2. How quickly that occurs depends on how many attacks occur in the wild.
    The BEAST tool, presented last Friday at the 2011 Ekoparty Security Conference in Argentina, made real a theoretical SSL/TLS vulnerability first documented 10 years ago. It allows an attacker with previous MitM (man-the-middle) access to compromise a user's SSL/TLS-protected HTTPS cookie. This would allow an attacker to hijack the victim's active HTTPS-protected session or listen in on the previously cryptographically protected network stream. (Download Duong and Rizzo's paper on the BEAST attack [pdf])
    MitM attacks are fairly easy to do when the attacker and victim are located on the same local network (such as wireless networks, VPNs, or corporate LANs). Some hacking tools, such as Cain &amp; Abel, make MitM attacks and network packet sniffing truly a click of a button.
    An old flaw turns critical

  • Get your money for nothing, get your certs for free

    A new <a href="http://www.networkworld.com/news/2011/033011-usenix-ssl-offloader.html">SSL</a> certificate authority squeezes so much overhead out of supplying certs that it plans to give them away starting next month and to continue at least through the end of the year.

  • Researchers' SSL offloader costs fraction of commercial hardware

    Off-the-shelf graphic processing units can perform <a href="http://www.networkworld.com/news/2011/032611-in-iran-new-attack-escalates.html">SSL acceleration</a> as fast as high-end commercial SSL hardware at a fraction of the cost, according to researchers in Korea and the U.S.

[]