Warning: Sorry, this post is way more technical than most of my posts. If you are an executive reading this, you may want to show this to your security or IT folks and ask “how are we handling this?”. They should be able to explain that to you in English. Incident response is all about […]
Continue reading → [DISPLAY_ACURAX_ICONS]Merchants want you to believe that HTTPS equals secure. I keep saying that it doesn’t. Here is another story for my side of the argument. First, a little background. If a web site want to support HTTPS (also known as SSL or TLS), they need to have a certificate. The certificate is used as part […]
Continue reading → [DISPLAY_ACURAX_ICONS]SSL and TLS, the security protocols that protect most of our banking and ecommerce transactions is a complicated beast – more so due to the the many options it offers. ars technica in an article titled “Noose around Internet’s TLS system tightens with two new decryption attacks”, discussed a paper presented at Black Hat Asia that describes […]
Continue reading → [DISPLAY_ACURAX_ICONS]