As I have been writing about lately, the browser makers, Google and Firefox – and to a much lesser extent Microsoft, are pushing the envelope to get web site operators to switch to always on SSL (AKA HTTPS). Well, that is a good start, but certainly not the end game. Why do they care? Because […]
Continue reading → [DISPLAY_ACURAX_ICONS]Symantec, who is already on probation for issuing inappropriate SSL certificates, issued more than a hundred additional “illegit” certificates. SSL certificates – more technically TLS certificates – are the bits of technology required to make those “secure” web sites work. Certificates are issued by certificate authorities (CAs) – organizations who have supposedly set up processes […]
Continue reading → [DISPLAY_ACURAX_ICONS]Merchants want you to believe that HTTPS equals secure. I keep saying that it doesn’t. Here is another story for my side of the argument. First, a little background. If a web site want to support HTTPS (also known as SSL or TLS), they need to have a certificate. The certificate is used as part […]
Continue reading → [DISPLAY_ACURAX_ICONS]SSL and TLS, the security protocols that protect most of our banking and ecommerce transactions is a complicated beast – more so due to the the many options it offers. ars technica in an article titled “Noose around Internet’s TLS system tightens with two new decryption attacks”, discussed a paper presented at Black Hat Asia that describes […]
Continue reading → [DISPLAY_ACURAX_ICONS]While every single bank and ecommerce provider tells you that SSL (or HTTPS) is wonderful and fully protects you, unless they are on drugs, they don’t really believe that. From their perspective, the risk is manageable and they would rather reimburse you if you can prove their SSL connection leaked AND cost you money than […]
Continue reading → [DISPLAY_ACURAX_ICONS]Der Spiegel wrote an article on efforts by the NSA and GCHQ (their British equivalent) to crack encryption of various sorts. Take the article at what it is worth; it is based on documents that Snowden released, so it is a little bit old. I apologize that this post is pretty long, but there is […]
Continue reading → [DISPLAY_ACURAX_ICONS]