Internet Explorer supports free certificates

Sunday, September 27th, 2009

With its last update, Microsoft has added StartCom to the pre-installed root certificates in its operating system. As a result, Microsoft products (such as Internet Explorer) now accept certificates issued by StartCom without prompting the user or requiring any special configurations for the certificates. Third-party programs that use the operating ...

More holes found in Web’s SSL security protocol

Monday, August 3rd, 2009

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet. At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between ...

The First Few Milliseconds of an HTTPS Connection

Thursday, June 11th, 2009

Here is a great post from Jeff Moser over at Moserware that gives you a detailed walk-through of what exactly happens when you make an https connection to a server (in this example: amazon.com). So much more happens than just the URL changing from http to https and a padlock ...

SSLstrip – HTTPS Stripping Attack Tool

Thursday, February 26th, 2009

This tool provides a demonstration of the HTTPS stripping attacks that was presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes ...

Researcher Shows New SSL Website Hack

Saturday, February 21st, 2009

A researcher has found a convincing way to hack the SSL protocol used to secure logins to a range of Web sites, including e-commerce and banking sites. Using a specially-created app, 'SSLstrip', a researcher calling himself Moxie Marlinspike demonstrated to Black Hat Arlington, Va attendees, how vulnerable many SSL connections were ...