Notices tagged with https
-
Security with #HTTPS and #SSL | #Android Developers - https://developer.android.com/training/articles/security-ssl.html
-
#https I'm using the "https everywhere" extension in Firefox. I just discovered a major logical flaw in it: sometimes a page just isn't available as https, and you can change the protocol manually (back) to http. So far so good. But when you do this, it still attempts to load resources (such as scripts) via https - while you can pretty much expect they won't be available under https either - after all the main page wasn't written to support it. Result: a page that misbehaves badly because essential scripts (silently) don't load. !grrr It took me way too long to figure this out! For now I'll leave the extension disabled, for some sites I frequent this is just too disruptive. In addition, the extension cannot be configured to allow/disallow http for specific urls - another weakness. #logicalbug
-
“Forbidden attack” makes dozens of #HTTPS Visa sites vulnerable to tampering https://gnusocial.no/url/192593
-
and tomorrow #https is a #crime ?! #Encryption is “essential tradecraft” of terrorists, FBI director says https://gnusocial.no/url/182903
-
@schtobia You do realize that with these ciphers (with most server configurations, which use small 1024-bit Diffie-Hellman keys) it is assumed that the #NSA cracks them in real time? https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH #Logjam #HTTPS !verschluesselung
And unlike with #ECDHE, there is not just a vague suspicion here that this could be attacked; there are substantiated suspicions (based on the leaked budget).
So there is a certain irony in you disabling ECDHE but continuing to use DHE. And of course one has to keep in mind: if both are disabled, usually only RSA without #ForwardSecrecy is left. So you have the choice here...
There is also a German explanation of this from me here: https://gnusocial.de/url/2752252
-
!gnusocialde @vinzv How about #HTTPS on https://wiki.gnusocial.de as well, for a change?
-
LibrePlanet.org is now using the Let's Encrypt CA: https://u.fsf.org/1in #letsencrypt #https #security #privacy
-
Finally, @letsencrypt works in all major browsers! #HTTPS for everyone!!! https://letsencrypt.org/howitworks/ #digitalAikido
-
They appear to disable inline linking of "mentions". I think this also works for urls. Let's see #https://indy.im/
-
Game-over #HTTPS defects in dozens of #Android apps expose user passwords http://feeds.arstechnica.com/~r/arstechnica/index/~3/pe9l4loZCRk/
-
#Logjam is a new #attack against the #Diffie-Hellman key-exchange protocol used in #TLS
https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
Check your servers here: https://weakdh.org/sysadmin.html
#schneier #security #ssl #https #vpn #vulnerability #weakdh