Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


EFF Unleashes HTTPS Everywhere 5 →

April 06, 2015 by Marc Handelman in All is Information, EFF, Encryption, Information Security, SSL / TLS

News (on April 2, 2015): HTTPS Everywhere Version 5, the browser tunneling plugin for the Mozilla Foundation's Firefox, Google Inc.'s (NasdaqGS: GOOG) Chrome, Google Inc.'s Android and Norway's Opera Software ASA's Opera, has been released by the Electronic Frontier Foundation (EFF).

While we do applaud (and support, and you should too) the EFF in the organization's effort to provide secure tunneling to the world (one plugin at a time), there is always the concern of governmental, corporate and institutional users sitting behind proxies with in-built MITM surveillance capabilities, similar to the Stanford MITM model...


Internets, Cuniculum Autem →

February 02, 2015 by Marc Handelman in All is Information, Communications, Compute Infrastructure, Cryptography, Data Security, Encryption, Governance, Information Security, Network Security, SSL / TLS

Slides, Video


New Poodle Variant

December 12, 2014 by Marc Handelman in All is Information, Information Security, Network Security, SSL / TLS

The inimitable Dan Goodin, writing at Ars Technica, regales us with the latest POODLE attack news, this time targeting TLS, and not your ankles...


All Your Base, Encrypted They Are

November 25, 2014 by Marc Handelman in All is Information, Complexity, IETF, Information Security, SSL / TLS, EFF

Efforts are underway, led by the inimitable Electronic Frontier Foundation, to encrypt the Internets, in its entirety...


The Shaming →

August 20, 2014 by Marc Handelman in All is Information, Application Security, Blatant Stupidity, Cruft, Data Security, Information Security, SSL / TLS, Web Security

Evidently, Public Shaming, a la 16th Century European public pillorying and taunt, is the vogue when targeting mindless, and therefore vulnerable, web deployments. The latest body incarnate example of this manoeuvre is HTTP Shaming, a Tumblr blog dedicated to exposing the less-than-well-planned sites floating around our interweb.


Pwnd

August 11, 2014 by Marc Handelman in SSL / TLS, Intelligence, Network Security, Blatant Stupidity, Malware, Physical Security, All is Information, DevOps, Cryptography, Security Prophylaxis, Sarcasm, Humor, Information Security


 

Today's Black Hat Las Vegas 2014 news brings the annual security confab's bestowment of the Pwnie awards; so, without further ado, examine Sophos' take on the award. So apropos.


Staunch the Bleeding...

June 09, 2014 by Marc Handelman in Application Security, Data Security, Information Security, SSL / TLS, Web Security

Dan Goodin, writing at Ars Technica, regales us with this sorry tale of another deep and aged flaw (in existence for nearly 16 years) in OpenSSL's cryptolib. This time, the flaw exists in the ChangeCipherSpec component of the crypto-library. Outstanding research, crafted by Lepidum, tells it all.

 


Ristić's Model

June 05, 2014 by Marc Handelman in Cryptography, Data Security, SSL / TLS

Ivan Ristić's SSL Threat Model. Hat Tip to Firewall Consultants.

 
