SSL/TLS MITM vulnerability CVE-2014-0224
We are aware of the OpenSSL advisory posted at https://www.openssl.org/news/secadv_20140605.txt. OpenSSL is vulnerable to a ChangeCipherSpec (CCS) Injection Vulnerability. An attacker using a carefully...
View ArticleWhat you need to know about POODLE/SSL 3.0 vulnerability
UPDATE – 10/16 12:45 p.m. PT: For users with Akamai sites, Akamai has made the following updates: Akamai is going to be disabling SSLv3 and SSLv2 support on an aggressive timeline If SSLv3 support is...
View ArticleWeb Security For the Tech-Impaired: The Dangers of Email
Editor’s Note: The following post is the first in a series of blasts that we will be sharing for readers who are – or who know people that are – not technically savvy. We will touch on topics that we...
View ArticleWeb Security for the Tech-Impaired: Passwords that Pass the Test
In my last post, “The Dangers of Email”, I explored ways that folks who are less than technically savvy can practice good email security hygiene. Today we’ll get into a somewhat controversial subject:...
View ArticleCVE-2015-0204 Freak Attack
It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and web...
View ArticleWeb Security for the Tech-Impaired: The Importance of the ’S’
There’s one little letter that has huge importance when you’re logging into sites or buying your favorite items: it’s the letter ’S’. The ’s’ I’m referring to is the ’S’ in HTTPS. You may never have...
View ArticleLogjam: Web Encryption Vulnerability
A team of researchers has released details of a new attack called “Logjam.” This attack, like FREAK, enables a man-in-the-middle attacker to downgrade the connection between the client and the server...
View ArticleWeb Security for the Tech Impaired: Connecting to WiFi
We’ve all been at an airport or coffee shop and checked our phone to see that your internet connection is incredibly slow. You curse the heavens in frustration and then you notice that they offer free...
View ArticleOpenSSL CVE-2015-1793
OpenSSL released a security advisory regarding CVE-2015-1793, a bug in the implementation of the certificate verification process: … from version 1.0.1n and 1.0.2b) will attempt to find an alternative...
View ArticleWeb Security for the Tech Impaired: What is two factor authentication?
You may have heard the term ‘two-factor’ or ‘multi-factor’ authentication. If you haven’t heard of these terms, chances are you’ve experienced this and not even known it. The interesting thing is that...
View Article
