Sunday, September 27th, 2009
With its last update, Microsoft has added StartCom to the pre-installed root certificates in its operating system. As a result, Microsoft products (such as Internet Explorer) now accept certificates issued by StartCom without prompting the user or requiring any special configurations for the certificates. Third-party programs that use the operating ...
Posted in Internet, Privacy, Security, Windows | No Comments
Monday, August 3rd, 2009
Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.
At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between ...
Posted in Internet, Privacy, Security | No Comments
Thursday, June 11th, 2009
Here is a great post from Jeff Moser over at Moserware that gives you a detailed walk-through of what exactly happens when you make an https connection to a server (in this example: amazon.com). So much more happens than just the URL changing from http to https and a padlock ...
Posted in Internet, Privacy, Security | No Comments
Thursday, February 26th, 2009
This tool provides a demonstration of the HTTPS stripping attacks that was presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes ...
Posted in Coding, Internet, Privacy, Security | 1 Comment
Saturday, February 21st, 2009
A researcher has found a convincing way to hack the SSL protocol used to secure logins to a range of Web sites, including e-commerce and banking sites.
Using a specially-created app, 'SSLstrip', a researcher calling himself Moxie Marlinspike demonstrated to Black Hat Arlington, Va attendees, how vulnerable many SSL connections were ...
Posted in Internet, Privacy, Security | No Comments
