Aug 16
Posted by The Gunslinger in news, security | No Comments
The kind folks over at Qualys are running a site which will “grade” an SSL server based on its security configuration. The site below will generate a report card of a site’s SSL configuration based on factors such as the certificate chain, cipher suites, and protocols allowed.
I learned of the site by listening to Qualys’ Ivan Ristic, primary author of Apache’s mod_security, on the Eurotrash Security podcast.
May 24
Posted by The Gunslinger in google, news, privacy | No Comments
According to this H article, Google is beginning to beta a new feature of providing SSL for their standard web search service. As one commenter noted, Google is still collecting the same information from your searches but this will limit 3rd parties from eavesdropping on your search queries. Remember SSL doesn’t guarantee absolute privacy as there’s Moxie Marlinspike’s work, chance of CA intermediaries, and your employer loading their own trusted CA’s into your corporate devices.
There’s a nice tool that will perform SSL man in the middle attacks. In layman’s terms this means when this tool is run on a gateway it will create a clear text HTTP stream on the network (that you can sniff) when someone creates a HTTPS session. i.e. Someone logs into Gmail via HTTPS and there will be an HTTP clear text mirror of that session which you can sniff via Wireshark.
Check it out here: www.thoughtcrime.org/software/sslstrip/
Arclite theme by digitalnature | powered by WordPress