cipher

Home / cipher

Microsoft Edge and Internet Explorer 11 Will Block Websites with SHA-1 Certificates

Beginning February 14th, 2017, the Microsoft Edge browser and Internet Explorer 11 (IE11) will start blocking websites with a SHA-1 certificate. The browsers will prevent sites that are protected with a SHA-1 certificate from loading and will display an invalid certificate warning. Users will have the option to ignore the error and continue to the [...]

By | November 21st, 2016|Internet|

Sweet32 Attacks Against Triple-DES (3DES) and Blowfish

Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers were able to use a Sweet32 attack and take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access to [...]

By | August 25th, 2016|Attacks, Security|

NMap Script to Test SSL Versions and Cipher Suites

A few months ago, I wrote an article on how to configure IIS for SSL/TLS protocol cipher best practices. To test your configuration, you can use a handy tool called NMap (nmap.org) or the ZenMap GUI. Included in NMap is a script called ssl-enum-ciphers, which will let you scan a target and list all SSL [...]

By | June 16th, 2016|Security|
Load More Posts