Netflix Releases Open Source Message Security Layer

by Chris Swan on  Nov 24, 2014

Netflix have announced the release of the Message Security Layer protocol (MSL), which they describe as ‘A Modern Take on Securing Communication’. The project is available on github under the Apache 2.0 license, with implementations in Java and JavaScript.

Google to remove support for SSL 3.0

by Alex Blewitt on  Oct 14, 2014 7

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

CloudFlare Universal SSL - Free Web Security for All

by Chris Swan on  Oct 08, 2014 1

CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling SSL becomes a selection from a dropdown menu.

GitHub, BitBucket, Twitter and other Secure Services Affected on Mac OS X By Expired SSL Certificate

by Dio Synodinos on  Jul 27, 2014

On Saturday July 26th, an intermediate certificate issued by DigiCert that was used by online services like GitHub, BitBucket, etc expired. Since this certificate was widely cached in the keychains of many Mac OS X users, this expiration caused any connection via browser or API to raise certificate chain errors.

Android 4.1.1 Vulnerable to Reverse Heartbleed

by Sergio De Simone on  Apr 15, 2014

Google announced last week that Android 4.1.1 is susceptible to the Heartbleed OpenSSL bug. While Android 4.1.1 is, according to Google, the only Android version vulnerable to Heartbleed, it remains in use in millions of smartphones and tablets. Android 4.1.1 devices have been shown to leak significant amount of data in a "reverse Heartbleed" attack.

Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

by Jonathan Allen on  Nov 20, 2013

Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.

Researchers Expose SSL Vulnerabilities in Libraries and Their Usage in Popular Non-Browser Services

by Jeevak Kasarkod on  Oct 31, 2012

A recent publication in the ACM CCS'12 proceedings titled "The Most Dangerous Code in the World:Validating SSL Certificates in Non-Browser Software" exposes critical vulnerabilities in the creation and usage of SSL libraries in non-browser applications. The lessons learnt and the ensuing recommendations to developers and testers are shared in this news item.

Will SSL Collapse Under its Own Weight?

by Jean-Jacques Dubray on  Feb 02, 2011 6

Lori MacVittie from F5 Networks provided an analysis of the recent adoption of NIST SSL Deployment Guidelines by the US Government as of January 2011. Since all commercial certificate authorities now issue only 2048-bit keys, the capacity of a server to process SSL is severely impacted and invalidates the general belief that SSL is not computationally expensive.

An MD5 Implementation for Silverlight

by Abel Avram on  Jan 29, 2009

An implementation of the MD5 cryptographic hashing algorithm for Silverlight has been posted on MSDN by Reid Borsuk. Delay, another MSDN user, has recently posted ComputeFileHashes, a small .NET command-line application that also works on WPF and Silverlight and is helpful to compute MD5, SHA-1, and CRC-32 hashes.

MD5 Exploit Potentially Compromises SSL Security

by Charlie Martin on  Jan 05, 2009

SSL-based security using X509 certificates from certain CA's opens a vulnerability to sites masquerading under a forged X509 certificate, even in a "secure" connection. This was demonstrated recently at the Chaos Conference in Berlin by spoofing a real certificate.

JRuby: 1.0.3 addresses compatibility issues, 1.1 performance update

by Werner Schuster on  Dec 20, 2007

JRuby 1.0.3 is out now. Although a point release, the update is significant because it addresses compatibility issues with Rails 2.0 and other libraries and tools. Meanwhile, some JRuby 1.1 performance improvements get noticed.

Not-Yet-Commons-SSL Provides Powerful (and Free) SSL Capabilities

by James Kao on  Jun 04, 2007

Not-Yet-Commons-SSL is an Apache licensed Java library designed to simplify the use of SSL by providing an easy-to-use API along with robust support for a variety of certificate formats and configuration options.

General Feedback
Marketing and all content copyright © 2006-2015 C4Media Inc. hosted at Contegix, the best ISP we've ever worked with.
Privacy policy