06 Apr, 2011

SSL Renegotiation DOS FAQ

Frequently Asked Questions related to SSL Renegotiation Denial of Service

Q. What is the difference between SSL and TLS?

A. SSL and TLS are the same thing. For trademark reasons, when SSL became an open standard it had to change its name from SSL to TLS. TLS 1.0 is essentially SSL 3.1 – it even […]

04 Apr, 2011

Browser Security

Attacks are moving from your operating system to your third-party applications, including but not limited to your web browser, PDF reader, video players, etc. Additionally, software makers patch their software multiple times per year. For these reasons, I recommend you ensure ALL your software is up to date. To check if your browser and […]

13 Mar, 2011

SSL Renegotiation Denial of Service

Having SSL Renegotiation enabled is a denial of service attack vector. An SSL Renegotiation man-in-the-middle vulnerability was reported in 2009 as CVE-2009-3555. The vulnerability relies on two key issues: having SSL Renegotiation enabled and having a vulnerable SSL implementation (pre-RFC 5746, also known as insecure renegotiation). There is another issue that ONLY requires having […]