13 posts tagged with ssl.

at least it's not a protocol bug

The Heartbleed Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. All of the above is a direct quote and authored by the fine folks at heartbleed.com. It may be worth noting that one of the measures recommended (and indeed a good idea) is certificate revocation. Unfortunately, certificate revocation has some problems. [more inside]
posted by el io on Apr 7, 2014 - 195 comments

goto fail;

Yesterday, Feb 21, Apple computer released a security patch with a vague description of SSL fixes. It turns out that it's quite a bug which would trivially allow Man in the Middle attacks for assumed-secure connections via SSL. Folks dug into the code and found the code resulting in the bug. If this affects you and your devices, you might want to go upgrade.
posted by rmd1023 on Feb 22, 2014 - 135 comments

SSL vs. The Universe.

SSL vs. The Universe A few concessions were made in the creation and visualization of these materials. The Big Bang shown is simply an artistic interpretation of the event. Most experts agree that there was no giant “explosion” at the start of time. The math.
posted by OmieWise on Jul 10, 2012 - 47 comments

Decentralized SSL Observatory

EFF's HTTPS Everywhere v2 adds support for Chrome and adds Decentralized SSL Observatory to the Firefox version. [more inside]
posted by jeffburdges on Feb 29, 2012 - 20 comments

DigiNotar SSL certificate compromise

Two days ago a user asked Google about a strange warning he was getting when trying to access Gmail from Iran. Turns out he was getting a fraudulent SSL certificate that was issued incorrectly for *.google.com by DigiNotar, a Dutch certificate authority. It seems likely this was a deliberate man-in-the-middle attack to snoop email in Iran. This attack is the second SSL certificate compromise in a year (previously), pointing to a fundamental design flaw in Internet security. [more inside]
posted by Nelson on Aug 30, 2011 - 45 comments

Comodo Registration Authority compromised

The circumstantial evidence suggests that the attack originated in Iran. Every time you see a little lock icon in your browser and are using HTTPS connections, odds are you're using a site whose certificate was signed by a Certificate Authority like VeriSign, Comodo, or Thawte. This week, SSL certificate provider Comodo announced that one of its accounts had been compromised. The attacker used the account to generate 9 bogus certificates to use for 7 well-known domains. While the breach was discovered and the certificates were revoked, it does raise questions about the chain of trust for all SSL certificates. [more inside]
posted by fifteen schnitzengruben is my limit on Mar 24, 2011 - 49 comments

"Collectively, we lose more than 10,300 hours per year retrieving lost passwords."

LastPass is the last password manager you'll ever need. Available on almost all common platforms, it's easy to use, and free. [more inside]
posted by crunchland on Jul 11, 2010 - 73 comments

"Be afraid. Be very afraid."

Starting today, Starbucks is offering free wifi in all of their US and Canadian stores. This has computer security folks a little edgy, since it could allow hackers and computer miscreants new opportunities to steal the data of unsuspecting computer users, and prompted Steve Gibson, computer security guru, to advise people to "just be afraid. Be very afraid." This applies to people who use laptops, wifi-enabled cellphones and PDAs. But there are ways to protect yourself. [more inside]
posted by crunchland on Jul 1, 2010 - 93 comments

Of course I want gimmicks, I'm a record producer!

DVDs to save the music industry (video interview) Record Producers discuss illegal downloads, home studios and why 5.1 DVD sound just might be the future. [more inside]
posted by Lanark on Jun 15, 2009 - 62 comments

The Middler

Your Gmail account isn't secure. Announced at Defcon 16, Jay Beale's tool, The Middler (man-in-the-middle) to steal session ID from not only Gmail users, but LinkedIn, LiveJournal, Facebook, and presumably any site that uses a session-based cookie. Enable https permanently. (previously)
posted by sluglicker on Aug 28, 2008 - 53 comments

15 bits of crypto should be enough for anybody

On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
posted by finite on May 16, 2008 - 81 comments

Cesar Millan Ain't Got Nothin' On Me

What do a balding man with a unique talent, shopping carts, and Extended Validation SSL Certificates have in common? Well, this: Liberty Fillmore: The Cart Whisperer (YT). Won't you think of the carts and visit No More Abandoned Carts today?
posted by schleppo on Feb 28, 2008 - 10 comments

Eudora Releases 5.1...

Eudora Releases 5.1... an incremental release is seldom worth a post, but with 5.1 comes support for SSL! Which makes me very happy: our SysAdmin banned us from hooking up to our mail server until we had an e-mail client that was A) SSL-enabled and B) not a product of Microsoft... finally! I can get my corporate e-mail without having it forwarded to my Yahoo! e-mail account! : )
posted by silusGROK on Apr 23, 2001 - 18 comments
