Explained: How New ‘Delegated Credentials’ Boosts TLS Protocol Security

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called “Delegated Credentials for TLS.”

Delegated Credentials for TLS is a new simplified way … Continue reading Explained: How New ‘Delegated Credentials’ Boosts TLS Protocol Security

testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws

testssl.sh is a free command line tool to test SSL security, it checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

testssl.sh is pretty much portable/compatible. It is w… Continue reading testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers.

The vulnerability was discovered by researchers of the Security… Continue reading Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

SSL Vulnerabilities Detected by A2SV

  • [CVE-2007-1858] Anonymous Cipher
  • [CVE-2012-4929] CRIME(SPDY)
  • [CVE-2014-0160] CCS Injection
  • [CVE-2014-0224] HeartBleed
  • [CVE-2014-3566] SSLv3 POODLE
  • [CVE-2015-0204] FREAK Attack
  • [CVE-2015-4000] LOGJAM Attack
  • [CVE-2016-0800] SSLv2 DROWN

Planned for future:

  • [PLAN] SSL ACCF
  • [PLAN] SSL Information Analysis

Installation & Requirements for A2SV

A.

Read the rest of A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet.

Continue reading A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

sslscan – Detect SSL Versions & Cipher Suites (Including TLS)

sslscan is a very efficient C program that allows you to detect SSL versions & cipher suites (including TLS) and also checks for vulnerabilities like Heartbleed and POODLE. A useful tool to keep around after you’ve set-up a server to check the SSL configuration is robust. Especially if you’re in an Internet limited environment and…

Read the full post at darknet.org.uk

Continue reading sslscan – Detect SSL Versions & Cipher Suites (Including TLS)

Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.

The certificate authority, named WoSign, issued … Continue reading Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains