ssl security – WindowsTechs.com

Explained: How New ‘Delegated Credentials’ Boosts TLS Protocol Security

Posted on November 6, 2019 by Unknown

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called “Delegated Credentials for TLS.”

Delegated Credentials for TLS is a new simplified way … Continue reading Explained: How New ‘Delegated Credentials’ Boosts TLS Protocol Security→

testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws

Posted on October 20, 2018 by Darknet

testssl.sh is a free command line tool to test SSL security, it checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

testssl.sh is pretty much portable/compatible. It is w… Continue reading testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws→

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

Posted on December 7, 2017 by Swati Khandelwal

A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers.

The vulnerability was discovered by researchers of the Security… Continue reading Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL→

A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

Posted on October 9, 2017 by Darknet

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

SSL Vulnerabilities Detected by A2SV

[CVE-2007-1858] Anonymous Cipher
[CVE-2012-4929] CRIME(SPDY)
[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack
[CVE-2016-0800] SSLv2 DROWN

Planned for future:

[PLAN] SSL ACCF
[PLAN] SSL Information Analysis

Installation & Requirements for A2SV

Read the rest of A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet.

Continue reading A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed→

Simple Hack Lets Hackers Listen to Your Facebook Voice Messages Sent Over Chat

Posted on January 17, 2017 by Swati Khandelwal

Most people hate typing long messages while chatting on messaging apps, but thanks to voice recording feature provided by WhatsApp and Facebook Messenger, which makes it much easier for users to send longer messages that generally includes a lot of typ… Continue reading Simple Hack Lets Hackers Listen to Your Facebook Voice Messages Sent Over Chat→

sslscan – Detect SSL Versions & Cipher Suites (Including TLS)

Posted on December 10, 2016 by Darknet

sslscan is a very efficient C program that allows you to detect SSL versions & cipher suites (including TLS) and also checks for vulnerabilities like Heartbleed and POODLE. A useful tool to keep around after you’ve set-up a server to check the SSL configuration is robust. Especially if you’re in an Internet limited environment and…

Read the full post at darknet.org.uk

Continue reading sslscan – Detect SSL Versions & Cipher Suites (Including TLS)→

Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

Posted on August 29, 2016 by Swati Khandelwal

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.

The certificate authority, named WoSign, issued … Continue reading Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains→