VU#556600: Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

VU#276408: Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates

Think Mutual Bank mobile banking app for iOS, version 3.1.5 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

New OS X Malware Grants Attackers Access to All Victim Communication

A new strain of malware grants attackers access to all victim communication, including messages encrypted by SSL, upon successful infection. An attack begins when a user receives a phishing message that contains a bundle for the malware, known as OSX/Dok, in a .zip archive called Dokument.zip. The malware bundle goes by the name “Truesteer.AppStore.” One […]

The post New OS X Malware Grants Attackers Access to All Victim Communication appeared first on The State of Security.


British Gas invalid certificate warnings.

Like thousands or even millions of other British Gas users, I received my usual monthly email asking me to submit my meter reading. Nothing unusual in that, until I followed the link (as usual) and got an invalid certificate warning. I do this every month and have

All your websites using StartCom certificates are about to break


A Twitterer sent me this a few days ago:

.@troyhunt you’ve got SSL issues in Chrome 58+ on @ASafaWeb pic.twitter.com/qtUiMxV9tW

— Jonathan (@Eonasdan) April 13, 2017

Now normally when I get a report about an SSL thing not working (by which we mean TLS, but



New Pluralsight Course: What Every Developer Must Know About HTTPS


It’s a great time for HTTPS. Actually, there’s never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with
