Perceptions and buying practices of infosec decision makers
CyberEdge Group surveyed 1,000 IT infosec decision makers and practitioners from 10 countries, five continents, and 19 industries, and unsurprisingly, the news is not good. In …
OpenSSL bug that could allow traffic decryption has been fixed
The OpenSSL Project has pushed out new versions of the widely used OpenSSL cryptographic library, which incorporate patches for two distinct security bugs, and an update of …
SLOTH attacks weaken secure protocols because they still use MD5 and SHA-1
Researchers Karthikeyan Bhargavan and Gaëtan Leurent from INRIA, the French national research institute for computer science, have discovered a new class of transcript …
Ivan Ristic and SSL Labs: How one man changed the way we understand SSL
Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Before that, he was …
SHA-2 encryption will make many sites inaccessible to users who can’t afford newer tech
A group of security researchers has recently announced that it’s highly likely that effective collision attacks that would break SHA-1 encryption will be revealed by the …
Free PCI and NIST compliant SSL test
High-Tech Bridge announced a free online service designed to check SSL/TLS security of a web server. It performs four distinct tests: Test for compliance with NIST Guidelines …
MatrixSSL Tiny: A TLS software implementation for IoT devices
INSIDE Secure announced the availability of MatrixSSL Tiny, the world’s smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably …
OpenSSH bug enables attackers to brute-force their way into poorly configured servers
A vulnerability in the popular secure remote access software OpenSSH can be exploited by attackers to try to brute-force their way into the connection and access …
Mobile SSL failures: More common than they should be
Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS …
Severe OpenSSL bug that allows certificate forgery has been plugged
The wait is over: the OpenSSL Project has issued security updates for the popular open-source implementation of the SSL and TLS protocols, and has shared some details about …
Amazon releases new, easily auditable TLS implementation
A new, open source implementation of the TLS encryption protocol has been unveiled by Amazon Web Services.Dubbed s2n (shorthand for “signal to noise”), the library …
TLS security: What really matters and how to get there
Deploying TLS securely is getting more complicated, rather than less. One possibility is that, with so much attention on TLS and many potential issues to consider, we’re …
