Archive for SSL

[hackersmag] What can you do to defeat SSL BEAST

Posted in AbhishekKr, security on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [23-September-2011]

http://hackersmag.blogspot.com/2011/09/beast-beating-ssl-tls-what-you-can-do.html

B.E.A.S.T.?
What It Does?
Point-to-Note!
Security Measures until F!XED…..
Something you should already be doing, if not start now…
To get a more detailed insight at the exploit Paper & Code, get your hands over…..
What to do at Server Side…..


[hackersmag] Don’t SSL-ify full site until SSL is itself Secure

Posted in ABK Labs, security on April 3, 2011 by abhishekkr

http://hackersmag.blogspot.com [30/03/2011]

http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html

Full Site SSL-ification is not an option, need to make SSL secure first

I have heard (recently and in the past) security-aware lives wasting a lot of their potential over arguments like
+ ‘Basic HTTP is insecure‘ {sometimes in novice past}
+ ‘SSL-ify entire web service‘ {there is still a lot of push for it}
Now, ‘Basic HTTP’ being insecure is not a flaw by design… but a flaw by choice.

……….
Though it has been haunting the websites by attacks like
+[] SSL Stripping:
It’s due to……….
+[] Sidejacking:
It occurs……….
……….
Then, ‘Full Site SSL-ification’ is a good choice from a theoretical security point of view, but just in theory.
Different SSL-Defeating attacks involving
+[] Flaws in Libraries like NSS:
There was a……….
+[] Fake SSL Certificate generation:
Not a flaw……….
……….
So, if you look deeper into the serial-murder case file of SSL Certificates, you’ll see it ain’t safe…
and so there is no point in arguing over its mixed/full implementation.