Archive for FREE INTERNET

[hackersmag] Don’t SSL-ify full site until SSL is itself Secure

Posted in ABK Labs, security with tags , , , , , , , , , on April 3, 2011 by abhishekkr

http://hackersmag.blogspot.com [30/03/2011]

http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html

Full Site SSL-ification is not an option, need to make SSL secure first

I have  heard (Recently and in past) security aware lives wasting a lot of their potential over the argument like
+ ‘Basic HTTP is insecure‘ {sometimes in novice past}
+ ‘SSL-ify entire web service‘ {still a lot push is there}
Now, ‘Basic HTTP’ being insecure is not a flaw by design… but a flaw by choice.

……….
Though it has been haunting the websites by attacks like
+[] SSL Stripping:
It’s due to……….
+[] Sidejacking:
It occurs……….
……….
Then, ‘Full Site SSL-ification’ is a good choice from theoretical security point-of-view, but just in theory.
Different SSL-Defeating attacks involving
+[] Flaws in Libraries like NSS:
There was a……….
+[] Fake SSL Certificate generation:
Not a flaw……….
……….
So, if you will look deeper into serial-murder case file of   SSL Certificates, you’ll see it ain’t safe…
and so there is no point in argument over its mixed/full   implementation.
…click here to read in detail

Advertisements

Leave a comment »

[hackersmag] Indian Airport Internet – Hacking Policies Not Machines

Posted in Blogroll, security with tags , , , , , , , on March 16, 2011 by abhishekkr

http://hackersmag.blogspot.com [16/03/1986]

http://hackersmag.blogspot.com/2011/03/indian-airport-internet-hacking.html

Indian Airport Internet – Hacking Policies Not Machines

The Service Acts in following way:
Step.1: You’ll get an Open WiFi Network…..

Loopholes in Service Scheme:
[] Continuous Access For Longer Duration…..
[] Parallel Access For Same Credential Set…..

…click here to read full blog-post

Leave a comment »