Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Register
November 2016




When TLS Reads: Totally Lost Security. SHA zam!

2-Hour Live Event: Tuesday, November 15, 2016
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London

Click here to register.

Sponsored by:

 
css.png

Overview:

Why isn't patching and updating successful in making us safe, even from known vulnerabilities in products for which fixes are available?
 
We've seen Java vulnerabilities fixed and available on our smart phones, only to be told that our organization cannot support the fix without breaking a critical tool we depend on. We know that improved versions of SSL and TLS were available for many years before they become widely adopted by browser developers and web site administrators. Rather than risk disrupting millions of users, fears of backward compatibility issues drive them to continue to offer vulnerable versions of these protocols and to ignore the dangers of relying on encryption and hash algorithms with known flaws.
 
A recent survey indicates that nearly 98% of websites supporting SSL were still using phishing friendly, weak X.509 digital certificates based on SHA-1. So, how does this bode for the Internet of Things? Will we see millions and millions of more vulnerable devices surround us that cannot be easily patched and managed securely?


Community Search
Sign In


Forgot your password?

Haven't registered yet?

Calendar

9/29/2016
Healthcare SIG Webinar: Use of Cloud Services in the Healthcare Industry

10/6/2016
WOMEN CYBER SECURITY PROFESSIONALS LUNCH AND LEARN

10/7/2016
2016 Cyber Security Conference - Cyber Threat Intelligence

10/11/2016
SANS/ISSA Women's CONNECT Event

10/12/2016 » 10/13/2016
Hawaii's 23rd Annual Discover Security Conference 2016




Copyright © 2016, Information Systems Security Association, All Rights Reserved
Privacy PolicyCopyright Information