[hackersmag] Don’t SSL-ify full site until SSL is itself Secure

http://hackersmag.blogspot.com [30/03/2011]

http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html

Full Site SSL-ification is not an option, need to make SSL secure first

I have heard (recently and in the past) security-aware lives wasting a lot of their potential over arguments like
+ ‘Basic HTTP is insecure‘ {sometimes in the novice past}
+ ‘SSL-ify entire web service‘ {there is still a lot of push for it}
Now, ‘Basic HTTP’ being insecure is not a flaw by design… but a flaw by choice.

……….
Though it has been haunting websites through attacks like
+[] SSL Stripping:
It’s due to……….
+[] Sidejacking:
It occurs……….
……….
Then, ‘Full Site SSL-ification’ is a good choice from a theoretical security point of view, but just in theory.
Different SSL-Defeating attacks involving
+[] Flaws in Libraries like NSS:
There was a……….
+[] Fake SSL Certificate generation:
Not a flaw……….
……….
So, if you look deeper into the serial-murder case file of SSL Certificates, you’ll see it ain’t safe…
and so there is no point in arguing over its mixed/full implementation.
…click here to read in detail
