lucky thirteen

(get it in RSS or Atom)

Microsoft leads the way, setting new cryptographic defaults

ts-cracked-250

Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.

Has HTTPS finally been cracked? Five researchers deal SSL/TLS a biggish blow...

ts-cracked-250

Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.

This time, they've done some severe damage.

Paul Ducklin takes a detailed look...

SSCC 102 - Probably the best 15 minute security podcast you'll hear today

Sophos security Chet Chat podcast 102

Have your joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 102, discussing a range of recent and newsworthy topics from the world of computer security.

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.

Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.