PKI Consortium blog
Posts by tag Vulnerability
Getting the Most Out of SSL Part 2: Configuration
June 29, 2013 by
Ryan Hurst
Attack
CASC
DH
Forward Secrecy
OpenSSL
PKI
RC4
RSA
SSL/TLS
TLS 1.0
TLS 1.2
Vulnerability
They say the most complicated skill is to be simple; despite SSL and HTTPS having been around for a long time, they still are not as simple as they could be.
One of the reasons for this is that the security industry is constantly learning more about how to design and build secure systems; as a result, the protocols and software used to secure online services need to continuously evolve to keep up with the latest risks.
5 Tips for SMBs to Help Secure Their Online Presence
June 17, 2013 by
CA Security Council
CASC
Identity
Malware
SSL/TLS
Vulnerability
With National SMB Week upon us, the CASC has come up with its five tips for SMBs to help secure their online presence. By implementing these simple steps SMBs can build trust and loyalty by ensuring their website is safe to visit, search, enter personal information, or complete a transaction.
Create unbreakable passwords – Strong passwords are essential on any account related to your online presence (domain registrar, hosting account, SSL provider, social media, PayPal, etc.
An Introduction to OCSP Multi-Stapling
May 7, 2013 by
CA Security Council
CA/Browser Forum
CRL
IETF
OCSP
Revocation
SSL/TLS
Vulnerability
OCSP Stapling OCSP is a protocol used to check the validity of certificates to make sure they have not been revoked. OCSP is an alternative to Certificate Revocation Lists (CRLs). Since OCSP responses can be as small as a few hundred bytes, OCSP is particularly useful when the issuing CA has relatively big CRLs, as well as when the client has limited memory and processing power.
OCSP can also provide much more timely information than CRLs about the status of a certificate since the information is generally fetched more frequently.
All You Need to Know About the RC4 Encryption Scheme
March 14, 2013 by
Rick Andrews
Attack
CASC
Encryption
RC4
RSA
SSL/TLS
Vulnerability
The latest published attacks target specific algorithms used within SSL/TLS. Those algorithms are used when a client connects to a server via SSL/TLS; they’re not used when a Certificate Authority signs a certificate. The attacks demonstrate potential weaknesses in the use of the algorithms.
While interesting, the attacks don’t represent an immediate practical threat to users of SSL/TLS (including online banking, e-commerce, social networking, etc.). Such attacks require an attacker to run malicious software on a user’s computer which would connect to a particular web site and send the same message over and over again many times.
RSA Recap – Securing Your Site
March 8, 2013 by
Ben Wilson
BEAST
CASC
Encryption
Firefox
Hash Function
HSTS
OpenSSL
Policy
RSA
SSL/TLS
TLS 1.1
TLS 1.2
Vulnerability
At RSA last week a few of us participated in panel discussions that focused on SSL/TLS. During the panel that I moderated on Friday, one theme we addressed was secure server configuration. One of CASC’s goals is to help harden existing SSL/TLS implementations against vulnerabilities—because most SSL/TLS exploits arise from suboptimal website configurations. These vulnerabilities and attacks can be mitigated or even eliminated with proper server configuration and good website design.