Vulnerabilities

  1. OPENSSL GUIDE TO DROWN (CVE-2016-0800)

    More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday, March 1, 2016. More than 81,000 of the top 1 Read More…

  2. San Bernardino, Paris, and the Implications for COTS Solutions Certification for Government Use

    By now, nearly everyone in the Western world has heard of the ongoing campaign by many law enforcement and intelligence agencies to get legislation requiring technology vendors, and in particular manufacturers of mobile devices, to offer back doors and/or off-by-default encryption. While this battle seems to be cyclical, rearing its head every few years, the Read More…

  3. Heartbleed and certifications

    Before we go any further, let me clarify that this is not just another Heartbleed post. If you are interested in details, there is plenty of information available here, here, and here. More importantly, if you want to know whether your webserver/website is vulnerable, you can test it here or on your webserver you can Read More…