Posts Tagged ‘ssl’

Firefox Blocks Weak Diffie-Hellman Keys

Tuesday, October 18th, 2016

If you manage a web site that supports encryption, it’s time to make sure that your Diffie-Hellman keys are up to snuff.

Mozilla announced on September 30, 2016 that it made the decision to enforce stronger Diffie-Hellman keys in the Firefox web browser. Firefox users who visit websites that use weak — now less than1023 bits — will see a connection error message in the web browser instead of the actual site.

(more…)

Firefox 49 gets TLS 1.3 Support

Wednesday, June 22nd, 2016

I’d expect this trend will continue, as more and more applications switch over to TLS and SSL is gradually replaced.

Mozilla implemented support for the security protocol TLS 1.3 in Firefox 49 recently. TLS 1.3 is the most recent version of TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer). TLS is a cryptographic protocol used to improve communications security on the Internet.

(more…)

SSL 3.0 Vulnerability Discovered – Find Out How to Protect Yourself

Wednesday, October 15th, 2014

If you’re still using SSL 3.0 or even if you’re using the new TLS version, you should probably check this out …

A security vulnerability in SSL 3.0 has been uncovered by Bodo Möller and two other Google employees that attackers can exploit to calculate the plaintext of secure connections.

(more…)

Improve Tumblr Security by Enabling Two-Factor Authentication

Wednesday, March 26th, 2014

Two factor authentication does provide improved security over a standard password, but I’m not sure if I’m all that crazy about giving my phone number out to companies that might end up selling that information later.

Tumblr announced today that Two-Factor Authentication is now available for all users of the site. Two-Factor Authentication adds a second layer to the log in process on websites. Instead of accessing an account on Tumblr with the account’s username and password, another code needs to be entered before access is granted. That code is generated in real-time, usually through smartphone apps, SMS or hardware devices that can generate codes on demand.

(more…)

Upcoming Policy Changes to Google Chrome’s Certificate Handling

Friday, September 27th, 2013

This sounds like a helpful move; improved security and authentication are always a good thing.

Most financial websites and many popular services and sites offer SSL connections exclusively or in addition to regular connections. Whenever a browser connects to a website via SSL, it will download a certificate that it verifies to make sure the connection is legit.

(more…)

Google Chrome SSL Enforcer

Tuesday, January 10th, 2012

Here’s an interesting SSL extension for security conscious Chrome users …

Making sure that you are connected via SSL is one of the most important things Internet users can do to improve their security online. This is especially true on public computer networks, like those on airports, Internet cafes or on campus. Why? Because it is otherwise dead easy to wiretap the traffic that you send and receive on the network. And while that may not be an issue for some activities online, you better be sure when you sign into accounts or handle financial transactions on sites such as PayPal or your bank’s online presence.

(more…)

Why a Multi-Layered Approach to Security is Vital for Terminal Switch Applications

Monday, March 28th, 2011

Given the powerful remote access capabilities that a terminal switch (http://www.wti.com/c-56-terminal-switch.aspx) provides in an out of band management application, it’s absolutely vital to ensure that a terminal switch includes adequate security features to protect critical console port command functions from unauthorized access. Almost all terminal switch units include basic security features such as password protection, but in many terminal switch applications, simple password security isn’t enough; that’s why it’s important to select a terminal server product that supports additional, advanced security functions functions such as authentication and encryption such as HTTPS and the ability to create SSL security certificates.

(more…)

Add SSL to CentOS Web Server

Monday, December 6th, 2010

Here’s a handy trick for Linux users …

CentOS might well be one of the finest Linux distributions for a server environment. It is basically a mimic of Red Hat Enterprise Linux without the proprietary software and the price attached to it. With that in mind, it makes perfect sense to set CentOS up as your go-to Web server. It’s reliable, it’s stable, it’s extensible, and it’s secure.

(more…)

A Secure Server Console Switch for the Finance Industry

Friday, December 3rd, 2010

Since server console switch products are used in a variety of different applications in many different industries, it’s predictable that each industry looks for a different set of features when selecting a server console switch. Some market sectors are more concerned with port configuration parameters, others are more concerned with environmental alarms, while others are more interested in port buffering capabilities. But in the finance industry, the most important server console switch feature is always security and authentication.

(more…)