Today, encryption has become ubiquitous — Google reports that as of June 1, 2019, 94 percent of traffic across all its products and services is encrypted. Google is not the only company reporting a rise in the use of encryption though; all the commonly used browsers, including Safari and Mozilla, are witnessing the same trend. […]
Reminder: That Padlock Doesn’t Mean It’s Secure
We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that […]
Next Generation Firewalls May Not Stop Malware
Best Defense Against Malicious Encrypted Traffic: Bad actors and malicious insiders are concealing threats in encrypted traffic in an attempt to steal sensitive data. In fact, it is predicted that as much as 70% of cyberattacks will use encryption as part of their delivery mechanism by 2019. Meanwhile, the use of encryption is growing rapidly. […]
Three Misconceptions of Breaking and Inspecting SSL Traffic [Video]
There are a lot of misconceptions about breaking and inspecting SSL traffic. So much so that some companies elect to go without the ability altogether. In this video, A10 Senior Federal Lead SE James Schweitzer separates fact from fiction when it comes to breaking and inspecting encrypted traffic and highlights the benefits of a dedicated decryption […]
What Are You Doing to Inspect Encrypted Traffic? [Video]
Adversaries are using sophisticated tactics to bypass security defenses and infiltrate networks. Along with employing HTTPS, they’ve begun using SSH and other advanced protocols for data exfiltration. SSH, for example, is often used for remote management access because it performs well. Adversaries now use remote desktop protocol (RDP) and data exfiltration over SSH. And when […]
OpenSSL Patch to Plug Severe Security Holes
The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL — the software used by thousands of companies to encrypt online communications — is set to get a security makeover this week: The OpenSSL Software Foundation said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as “high” severity. OpenSSL is deployed at countless organizations, including at Web giants like Facebook, Google and Yahoo — as well as broadly across U.S
‘Poodle’ Bug Returns, Bites Big Bank Sites
Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible.
Cryptowall Malvertising – WSWiR Episode 126
Windows 0day, iCloud MitM, and Cryptowall Rises: You’re a busy IT guy that barely has time to brush your teeth before running off to work, so who has time to follow security news too? Does this sound like you? If so, let our short weekly video inform you of the most important security news in the time it takes you to enjoy your first cup of coffee
The Poodle SSLv3
So here we go again! SSL is broken once more and this one now leaves us with no SSL Ciphers that we can reliably use in a live production site so I guess this now forces us to use the TLS suite of ciphers which in the past have also had problems. Let’s put it this way – if you use any form of SSL ciphers you’re vulnerable! Qualys have again been quick to update the Qualys SSL Labs Test tool that they provide which is free to use. This will test your SSL Certificate and all the currently usable Ciphers for your site
Source IP Addresses, STunnel, Haproxy and Server Logs
When using proxies such as STunnel and HAProxy it’s easy to lose track of the client source IP address. This occurs for example when HAProxy is used in its default configuration to load balance a number of back-end web servers. By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client