The FREAK attack does not affect SSL Certificates, but admins should disable export-grade ciphers on all servers. Users should install patches for their browsers as they become available.
It’s up to the infosec community to reach out to engineering and manufacturing and to help them understand security risks and best practices. We need to engage in conversation. We need to gain a seat at the table so that security is not an afterthought in the era of connectivity.
In the last two weeks, we have seen quite a few poor security practices in use with Superfish, Komodia/Lavasoft, and now PrivDog.
Lenovo’s violation of security best practices demonstrates the dangers of using self-signed certificates and the importance of the public trust system.
50% of consumers stated that data security is a major factor when they choose whom to shop with online.
Like any other tool, Certificate Inspector is only as effective as you make it.
Over 90% of data breaches in the first half of 2014 could have been prevented. What are you doing to make 2015 different?
TLS is an upgraded version of the SSL protocol and is the most secure choice for transaction security.
Bruce Potter talks about the new reality of information security and its evolution to cyber security at ShmooCon 2015.