Mozilla Patches Certificate Pinning Vulnerability in Firefox

A remote code execution in Firefox caused by the expiration of certificate pins was patched by Mozilla in Firefox 49 and Firefox ESR 45.4. Continue reading Mozilla Patches Certificate Pinning Vulnerability in Firefox

Is SSL Interception possible without disabling Public Key Pinning on the client side?

I’m currently setting up a pfSense firewall in my lab. It supports SSL Inception which works pretty well for most sites.

But there are some sites which use HTTP Public Key Pinning to prevent MitM attacks and this is a real … Continue reading Is SSL Interception possible without disabling Public Key Pinning on the client side?