SSL

By Simon, 10 January, 2014

[Update: 4th Feb 2014 - Firefox 27 enables TLS 1.1 and 1.2 by default now]

If you think your web browser is secure, think again. If you run over to How's My SSL?, you will get a quick summary of what your browser looks like to the outside world.

Even if you keep up with the current release version, you'll be surprised to find your browser will probably get the following report:

Your SSL client is Bad.

Why? Because the latest security features in your browser includes may be installed disabled.

By Simon, 27 November, 2013

In a previous blog post, I mentioned that SSL proxy servers, deployed in 1999, were used for finding and monitoring the downloading of porn. In the context of that blog post, this was originally done to find employees who were wasting work time, and provide a solid reason for terminating a non-productive employee without the unions pitching a fit.

Fast forward to 2013, and that same tech is being used to "undermine a target's credibility, reputation and authority"...

By Simon, 20 November, 2013

Here's a gem:

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone... Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.