Security News

Firefox 74 Will Disable TLS 1.0 and TLS 1.1 by Default
2020-02-11 12:11

An improvement over the Secure Sockets Layer protocol, TLS is meant to improve the security of the Web, but flaws and weaknesses in older iterations, specifically TLS 1.0 and TLS 1.1, render connections vulnerable to attacks such as BEAST, CRIME and POODLE. The newer TLS 1.2 and TLS 1.3 versions are both faster and safer, and major browser vendors have already laid out plans to deprecate the older releases to ensure the security of their users. Mozilla has already introduced the change in Firefox Beta 73, in which the minimum TLS version allowable by default is TLS 1.2.

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to 'eradicate' weak HTTPS standard by blocking it
2020-02-10 19:47

Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 - and plans to eventually block those weak HTTPS connections entirely. Web servers should really be using TLS 1.2 or 1.3 for their encrypted and secure HTTPS connections.

Leaving your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things
2020-01-20 21:23

Netgear left the key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces in its router firmware. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available for anyone to download for free and also shipped with Netgear devices.

Android Ups the Mobile Security Ante with Default TLS Encryption
2019-12-03 18:00

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.

The NSA Warns of TLS Inspection
2019-11-22 12:16

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that...

Over 100,000 Fake Domains With Valid TLS Certificates Target Major Retailers
2019-11-15 09:29

Venafi, a company that helps organizations secure cryptographic keys and digital certificates, says it has uncovered over 100,000 typosquatted domains with valid TLS certificates that appear to...

Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security
2019-11-06 09:19

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS."...

Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
2019-10-14 11:35

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances...

New Reductor Nation-State Malware Compromises TLS
2019-10-10 18:49

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS...

Critical TLS flaw opens Exim servers to remote compromise
2019-09-10 10:06

A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins' urgent attention.