Comments on the DROWN Vulnerability

I manage some sites that use Transport Layer Security(TLS). That is, they serve pages using URLs that begin with “https.” I was interested, therefore, in the discovery of yet another implementation bug in SSL/TLS implementations. This is the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) vulnerability. At the end of this post are links […]
Read More ›

Keeping Secrets: Setting a Cipher Mode

Earlier this week we considered ways to split the many choices of ciphers (or encryption algorithms): symmetric versus asymmetric, and block versus stream. The block symmetric ciphers do the heavy lifting, they are used for large data sets. But one block symmetric cipher can be operated in various modes, and the selection of mode depends […]
Read More ›

Let’s Encrypt Issues First Certificate

The promise of free TLS certificates came a step closer to reality earlier in September, when Let’s Encrypt issued its first certificate and applied to the root programs for Mozilla, Google, Microsoft, and Apple according to the Let’s Encrypt Blog. I have installed their root certificate in my browser already – it is easy and […]
Read More ›

Analyzing Browsers’ and Servers’ SSL and TLS Usage for a More Secure Internet

Bob Cromwell blog post on LibreSSL mentioned the POODLE attack recently. POODLE has caused a lot of discussion of SSL (Secure Sockets Layer), TLS (Transport Layer Security) and corresponding browser and server support. Browsers support different encryption algorithms and security protocols to allow users to access sites that support those protocols. Likewise sites support different encryption […]
Read More ›

How to Log Events and Maintain Compliance with journald, the New Linux System Event Log– Part 1: Configuring the Daemon

Cybersecurity laws and other regulations clearly exist for good reasons, and there are serious penalties involved if you fail to meet them. The new version of PCI DSS, the Payment Card Industry Data Security Standard, requires going beyond showing that data can be secure, you must show that it will be secure through established procedures […]
Read More ›

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.