Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Register
November 2016

When TLS Reads: Totally Lost Security. SHA zam!

2-Hour Live Event: Tuesday, November 15, 2016
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London

Click here to register.

Sponsored by:



Why isn't patching and updating successful in making us safe, even from known vulnerabilities in products for which fixes are available?
We've seen Java vulnerabilities fixed and available on our smart phones, only to be told that our organization cannot support the fix without breaking a critical tool we depend on. We know that improved versions of SSL and TLS were available for many years before they become widely adopted by browser developers and web site administrators. Rather than risk disrupting millions of users, fears of backward compatibility issues drive them to continue to offer vulnerable versions of these protocols and to ignore the dangers of relying on encryption and hash algorithms with known flaws.
A recent survey indicates that nearly 98% of websites supporting SSL were still using phishing friendly, weak X.509 digital certificates based on SHA-1. So, how does this bode for the Internet of Things? Will we see millions and millions of more vulnerable devices surround us that cannot be easily patched and managed securely?

Community Search
Sign In

Forgot your password?

Haven't registered yet?


ISSA Web Conference: How to Recruit and Retain Cyber-Security Professionals

Chapter Leaders Summit

11/2/2016 » 11/3/2016
2016 ISSA International Conference Registration

11/2/2016 » 11/3/2016
2016 ISSA International Conference

11/3/2016 » 11/4/2016
ISSA CISO Executive Forum - November 2016

Copyright © 2016, Information Systems Security Association, All Rights Reserved
Privacy PolicyCopyright Information