Internet Safety and Protecting Your Cookies
The Modern Dilemma A friend asked me, “What can I do to keep safe on the Internet?” These days, most Internet access is through browsers. But not all of it. I do not use web mail. Electronic mail should be done with a dedicated tool like Thunderbird, configured for viewing messages in plain text form, […]
What Does The Recent SHA-1 Attack Mean For You And Your Organization?
Some top cryptographers have recently announced a significant step toward breaking the SHA-1 hash algorithm. Their work is described here and here, and also check out their paper. What does this mean for you and your organization? Let me start with a bit of background so the following makes sense. What Is A Hash? A […]
Analyzing Browsers’ and Servers’ SSL and TLS Usage for a More Secure Internet
Bob Cromwell blog post on LibreSSL mentioned the POODLE attack recently. POODLE has caused a lot of discussion of SSL (Secure Sockets Layer), TLS (Transport Layer Security) and corresponding browser and server support. Browsers support different encryption algorithms and security protocols to allow users to access sites that support those protocols. Likewise sites support different encryption […]
How Secure Are Password Managers?
In Learning Tree’s System and Network Security Introduction course we talk about the tradeoff between security and convenience. They’re usually at either end of the seesaw: If one is going to go up, the other has to go down. For clear examples of this, see the password managers implemented as parts of web browsers and […]
First The BEAST Threatened Us, But Now We Have Worse Things To Worry About
In Learning Tree’s Cloud Security Essentials course we have been discussing the BEAST attack. I wrote about it here last spring. Things have shifted recently, it’s time to update the discussion. TLS 1.0 and earlier SSL versions had a serious flaw that allowed an attacker to recover small fragments of cleartext, exposing authentication credentials. The […]