Tagg: browser security

The Modern Dilemma A friend asked me, “What can I do to keep safe on the Internet?” These days, most Internet access is through browsers. But not all of it. I do not use web mail. Electronic mail should be done with a dedicated tool like Thunderbird, configured for viewing messages in plain text form, […]

Some top cryptographers have recently announced a significant step toward breaking the SHA-1 hash algorithm. Their work is described here and here, and also check out their paper. What does this mean for you and your organization? Let me start with a bit of background so the following makes sense. What Is A Hash? A […]

Bob Cromwell blog post on LibreSSL mentioned the POODLE attack recently. POODLE has caused a lot of discussion of SSL (Secure Sockets Layer), TLS (Transport Layer Security) and corresponding browser and server support. Browsers support different encryption algorithms and security protocols to allow users to access sites that support those protocols. Likewise sites support different encryption […]

In Learning Tree’s System and Network Security Introduction course we talk about the tradeoff between security and convenience. They’re usually at either end of the seesaw: If one is going to go up, the other has to go down. For clear examples of this, see the password managers implemented as parts of web browsers and […]

In Learning Tree’s Cloud Security Essentials course we have been discussing the BEAST attack. I wrote about it here last spring. Things have shifted recently, it’s time to update the discussion. TLS 1.0 and earlier SSL versions had a serious flaw that allowed an attacker to recover small fragments of cleartext, exposing authentication credentials. The […]