Topic: tls

A deeper look into OpenVPN: Security vulnerabilities

OpenVPN is the backbone of online security. It is supported in many popular virtual private network (VPN) providers such as NordVPN and ExpressVPN, and continues to receive frequent updates well into its 17th year in operation. It’s an unwritten rule of information technology, however, that popular security protocols will attract the largest contingent of hackers. … continue reading

SD Times news digest: Instana’s new monitoring and tracing capabilities, Synopsys’ embARC, and Facebook Fizz DoS vulnerability

Instana has added monitoring and tracing support for NGINX and Envoy Application Proxies. This will provide developers with performance visibility and individual traces for every transaction in the browser. This data is automatically captured and integrated with Instana’s sensor and tracing technologies, the company explained. “While Application Proxies are an important part of creating on-demand … continue reading

SD Times Open-Source Project of the Week: Fizz

In order to implement the new generation of Transport Layer Security, TLS 1.3, at Facebook, the company built a TLS library in C++ 14 called Fizz. Earlier this week, Facebook announced it was open sourcing that library. TLS 1.3 added several new features to make Internet traffic more secure, such as encrypting handshake methods, redesigning … continue reading

IETF approves Transport Layer Security 1.3

The Internet Engineering Task Force (IETF) has announced the Transport Layer Security protocol version 1.3 is now an Internet standard. The IETF is an open standards organization whose mission is to ensure an open and transparent web. The new protocol is a security layer designed to protect the web from unauthorized access. “TLS allows client/server … continue reading

Top 10 vulnerabilities in mobile applications

My team in the Threat Research Center at WhiteHat Security specializes in mobile application business logic assessments, which is a hands-on penetration test of both mobile client-side apps and the business logic that can be used to circumvent the security built into the program. In a rapid application development environment, it’s a best practice (and … continue reading

Nmap 7 is released

The quintessential open-source network mapper, Nmap, was updated to version 7 yesterday. This version includes mature IPv6 support and expanded capabilities for its scripting engine. The biggest draw for security-wary developers and admins alike, however, may be the top-shelf SSL/TLS scanning. With SSL and TLS vulnerable to so many different attacks discovered over the past … continue reading

Amazon’s s2n TLS implementation, the AllSeen Alliance Superconnector, and Zephyr Mobile—SD Times news digest: June 30, 2015

Amazon has introduced s2n, a new open-source implementation of the TLS encryption protocol. The s2n implementation, short for “signal to noise,” is a library designed to be small, fast and simple. s2n avoids implementing rarely used TLS options and extensions, and it contains little more than 6,000 lines of code. Amazon plans to integrate s2n … continue reading

OpenSSL to undergo massive security audit

Now that its codebase is finally viewed as stable, OpenSSL is getting a good top-to-bottom once-over in the form of a sweeping audit. It’s been close to a year since the Heartbleed bug sent the Internet into a frenzy over security. It spurred the software industry to rally behind OpenSSL—sending in more developers, revamping the … continue reading

NativeScript public beta, Adobe’s approach to flaw detection, and Django REST framework 3.1—SD Times news digest: March 6, 2015

It has been almost a year since Telerik announced its cross-platform framework for Android, iOS, and Windows. Today, that NativeScript framework is finally making it into public beta. Valentin Stoychev, product line manager at Telerik, announced that developers can start using the framework to build native mobile apps with CSS and JavaScript. “We have been … continue reading

New SSL/TLS vulnerability discovered

Security researchers have revealed a new software vulnerability that is leaving Apple and Google users open to a hack attack. The vulnerability, Factoring RSA export keys (also known as the FREAK attack), was found in SSL/TLS—the protocol meant to provide secure Web connections. According to the miTLS team, composed of Inria (a research organization in … continue reading
