BT
rss

GitHub, BitBucket, Twitter and other Secure Services Affected on Mac OS X By Expired SSL Certificate

by Dio Synodinos on  Jul 27, 2014

On Saturday July 26th, an intermediate certificate issued by DigiCert that was used by online services like GitHub, BitBucket, etc expired. Since this certificate was widely cached in the keychains of many Mac OS X users, this expiration caused any connection via browser or API to raise certificate chain errors.

Android 4.1.1 Vulnerable to Reverse Heartbleed

by Sergio De Simone on  Apr 15, 2014

Google announced last week that Android 4.1.1 is susceptible to the Heartbleed OpenSSL bug. While Android 4.1.1 is, according to Google, the only Android version vulnerable to Heartbleed, it remains in use in millions of smartphones and tablets. Android 4.1.1 devices have been shown to leak significant amount of data in a "reverse Heartbleed" attack.

Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

by Jonathan Allen on  Nov 20, 2013

Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.

Researchers Expose SSL Vulnerabilities in Libraries and Their Usage in Popular Non-Browser Services

by Jeevak Kasarkod on  Oct 31, 2012

A recent publication in the ACM CCS'12 proceedings titled "The Most Dangerous Code in the World:Validating SSL Certificates in Non-Browser Software" exposes critical vulnerabilities in the creation and usage of SSL libraries in non-browser applications. The lessons learnt and the ensuing recommendations to developers and testers are shared in this news item.

Will SSL Collapse Under its Own Weight?

by Jean-Jacques Dubray on  Feb 02, 2011 6

Lori MacVittie from F5 Networks provided an analysis of the recent adoption of NIST SSL Deployment Guidelines by the US Government as of January 2011. Since all commercial certificate authorities now issue only 2048-bit keys, the capacity of a server to process SSL is severely impacted and invalidates the general belief that SSL is not computationally expensive.

An MD5 Implementation for Silverlight

by Abel Avram on  Jan 29, 2009

An implementation of the MD5 cryptographic hashing algorithm for Silverlight has been posted on MSDN by Reid Borsuk. Delay, another MSDN user, has recently posted ComputeFileHashes, a small .NET command-line application that also works on WPF and Silverlight and is helpful to compute MD5, SHA-1, and CRC-32 hashes.

MD5 Exploit Potentially Compromises SSL Security

by Charlie Martin on  Jan 05, 2009

SSL-based security using X509 certificates from certain CA's opens a vulnerability to sites masquerading under a forged X509 certificate, even in a "secure" connection. This was demonstrated recently at the Chaos Conference in Berlin by spoofing a real certificate.

JRuby: 1.0.3 addresses compatibility issues, 1.1 performance update

by Werner Schuster on  Dec 20, 2007

JRuby 1.0.3 is out now. Although a point release, the update is significant because it addresses compatibility issues with Rails 2.0 and other libraries and tools. Meanwhile, some JRuby 1.1 performance improvements get noticed.

Not-Yet-Commons-SSL Provides Powerful (and Free) SSL Capabilities

by James Kao on  Jun 04, 2007

Not-Yet-Commons-SSL is an Apache licensed Java library designed to simplify the use of SSL by providing an easy-to-use API along with robust support for a variety of certificate formats and configuration options.

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT