Ücretsiz güvenlik sertifikası edinebileceğiniz bir site.
Detaylar için aşağıdaki adresi inceleyebilirsiniz.
Showing posts with label ssl. Show all posts
Showing posts with label ssl. Show all posts
Tuesday, June 13, 2017
free, automated, and open Certificate Authority
Let’s Encrypt is a free, automated, and open Certificate Authority.
Monday, January 25, 2016
HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests
A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack,
is able to determine the length of specific parts of the plain-text
data underneath captured TLS packets using a side-channel attack with
already known information. The attack has a few prerequisites but could
be applied in a real world scenario, and is completely undetectable due
to its passive nature.
Some of the key observations of this attack are as below:
http://blogs.forcepoint.com/security-labs/https-bicycle-attack-obtaining-passwords-tls-encrypted-browser-requests
https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
You can keep up to date with the discussion of HTTPS Bicycle on Reddit at https://www.reddit.com/r/netsec/comments/3zc5qu/https_bicycle_attack/
Executive Summary
The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user's HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.Some of the key observations of this attack are as below:
- Requires a packet capture containing HTTPS (TLS) traffic from a browser to a website
- The TLS traffic must use a stream-based cipher
- Can reveal the lengths of unknown data as long as the length of the rest of the data is known - this includes passwords, GPS data and IP addresses
- Packet captures from several years ago could be vulnerable to this attack, with no mitigation possible
- The real world impact is unknown, as there are several prerequisites that may be hard to fulfill.
http://blogs.forcepoint.com/security-labs/https-bicycle-attack-obtaining-passwords-tls-encrypted-browser-requests
https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
You can keep up to date with the discussion of HTTPS Bicycle on Reddit at https://www.reddit.com/r/netsec/comments/3zc5qu/https_bicycle_attack/
Tuesday, January 13, 2015
add a certificate authority (CA) to Ubuntu
# cp /home/user/workspace/SecureCommunication/certs/valid3/cacert.pem /usr/local/share/ca-certificates/custom-cacert.crt# update-ca-certificatesUpdating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate UbuntuOne-ValiCert_Class_2_VA.pemWARNING: Skipping duplicate certificate UbuntuOne-ValiCert_Class_2_VA.pemWARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pemWARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem1 added, 0 removed; done.Running hooks in /etc/ca-certificates/update.d....Adding debian:custom-cacert.pemdone.done.
Subscribe to:
Posts (Atom)