From July on, Chrome will brand plain old HTTP as “Not secure”
The “Not secure” label will go where the padlock would go for an encrypted connection. Continue reading From July on, Chrome will brand plain old HTTP as “Not secure”
Google is ramping up its campaign against HTTP-only sites and is going to mark ALL non-HTTPS sites insecure in July 2018 with the release of Chrome 68. It’s a pretty strong move, but Google and the Internet in general have been moving in this directio… Continue reading Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
There’s an eminently exploitable remote code execution flaw in the Adaptive Security Appliance (ASA) Software running on a number of Cisco enterprise appliances, and admins are advised to plug the hole as soon as possible. The Cisco Product Secur… Continue reading Cisco plugs critical hole in many of its enterprise security appliances
In the past five years, we have watched a rapid evolution in both sophistication and scale of DDoS attacks. Long gone are the days of the traditional Denial of Service (DoS) attack. Now, threat actors use massive IoT botnets to enslave mil… Continue reading Rethinking the Scrubbing Center
In this Lightboard Post of the Week, I answer a few questions about SSL/https on Virtual Servers. BIG-IP being a default deny, full proxy device, it’s important to configure specific ports, like 443, to accept https traffic along with client and … Continue reading Post of the Week: SSL on a Virtual Server
Occasionally, I feel like I’m just handing an organisation more shovels – “here, keep digging, I’m sure this’ll work out just fine…” The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them:
I’m sorry you feel
Continue reading I’m Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important
Facebook has paid a group of researchers a bug bounty prize for notifying the company of a severe vulnerability based on a slight modification of an encryption bug from 1998 that was until now presumed to be patched by most major websites, Forbes reported. The researchers say many more websites could be vulnerable. The trio of researchers – Hanno Böck and Juraj Somorovsky from Germany, and Craig Young from the United States – dubbed the vulnerability “ROBOT” in a blog post published on Tuesday and say that it could affect subdomains on 27 of the top 100 websites on Alexa, the web traffic analytics website. The bug can let a hacker sit between a user and a website’s server and intercept private information, such as passwords. The vulnerability is based on the 19-year-old Bleichenbacher attack, by which an attacker can figure out how to break through a website’s encryption using a barrage of queries. […]
The post Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable appeared first on Cyberscoop.
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Continue reading VU#144389: TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding
2016 was the Year of DDoS. 2017 was the Year of Ransom. Can we assess leading indicators of new attack techniques and motivations to predict what 2018 will bring? The answer is a resounding “yes.” We believe 2018 will be the Year of Automa… Continue reading Cyber Security Predictions