Jack's Right →

April 13, 2017 by Marc Handelman in All is Information, Common Sense, Transport Security, Transport Layer Security, TLS, Web Security, Network Security

Of course he is; and why wouldn't he be? Just plain old common sense, dammit. Read his superlatively on-target post, and you'll understand exactly why - in fact - Jack is right.

33c3, Filippo Valsorda's and Nick Sullivan's 'Deploying TLS 1.3: The Great, The Good and The Bad →

January 27, 2017 by Marc Handelman in All is Information, Conferences, Information Security, Network Security, Networks, Transport Layer Security

Meanwhile, In Illicit SSL Certificate News... →

January 23, 2017 by Marc Handelman in Blatant Stupidity, Certificate Authority, Transport Layer Security

Blatant stupidity displayed by Symantec Corporation (NasdaqGS:SYMC) in the hotly-contested CA space is the topic of todays' how-not-to-do-business-in-the-technical-sector. Evidence published on Friday of last week, by Ars Technica Security Editor Dan Goodin points to illicit CA artifact issuance by the company. The discovery was made by a third party reseller monikered SSLMate. Read it and weep for the encrypted interwebs.

Google Disables SSL and RC4, Better Late Than Never →

October 05, 2015 by Marc Handelman in All is Information, Encryption, Information Security, Transport Layer Security

Adam Langley posts good news... Google Inc. (NasdaqGS: GOOG) has finally made the move, and is in the process of disabling SSL v3 (obsoleted 16 years ago) and RC4.

SSLv3 has been obsolete for over 16 years and is so full of known problems that the IETF has decided that it must no longer be used. RC4 is a 28 year old cipher that has done remarkably well, but is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also warrants a statement that it too must no longer be used. - via Adam Langley writing at the Google Online Security blog.