Collaborate Disseminate
Bad news: there’s a vulnerability in TLS 1.2. Good news: researchers say it’s “very hard to exploit” and major vendors have already released security patches for it. A team of…
The post Raccoon Attack: Researchers Find A Vulnerability in TLS 1.2 app… Continue reading Raccoon Attack: Researchers Find A Vulnerability in TLS 1.2
I’m excited to announce that I will be presenting at this year’s Black Hat Asia about my research into detecting and exploiting CBC padding oracles! Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I̵… Continue reading Introducing Zombie POODLE and GOLDENDOODLE
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
SSL Vulnerabilities Detected by A2SV
Planned for future:
Installation & Requirements for A2SV
A.
Continue reading A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
Google, through Google Domains, operates many TLDs, and this week said it would begin enforcing HSTS on those TLDs. HSTS forces secure client connections over HTTPS. Continue reading Google to Enforce HSTS on TLDs it Operates
Google will next week begin a gradual deprecation of unsafe crypto protocol SSLv3 and cipher RC4 in Gmail IMAP/POP clients. Continue reading Google To Deprecate SSLv3, RC4 in Gmail IMAP/POP Clients
Does it help to give a vulnerability a slick-sounding name and fancy logo? Or is it giving us “glamour vulnerability fatigue”? Continue reading Heartbleed, ImageTragick, Badlock – Are we facing a named vulnerability backlash?
But the agency fixed the issue after Motherboard reported it. Continue reading OPM Left Internal System Vulnerable to a Known Attack for Weeks