SEARCH RESULTS
 
Showing 1-3 of 3 records
1
 
Expand article

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

2007-11-07 05:37:47 by Steve Riley in Steve Riley on Security
 
Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows is this TLS RSA WITH AES 128 CBC SHA TLS...
 
Tags: sha, null sha, cbc sha p384, cbc sha, cbc sha p521, shorter bit lengths, bit lengths, cbc sha p256, 256-bit aes
 
 
 
 
Expand article

Squirreling Backdoors Into Distribution Points

2007-12-19 22:16:35 by Chris Eng in Zero in a bit
 
So it seems that SquirrelMail 1.4.11 and 1.4.12 were recently backdoored. Similar to some high-profile backdoors in the past, this was done by modifying the distribution tarball on rather than infiltrating the source code repository [1] . In this case, the backdoor was detected when a user noticed that the MD5 published on SquirrelMails website...
 
Tags: md5 collisions, md5, md5 hashes, distribution, php, execute php code, execute, code, md5 unsafe
 
 
 
 
Expand article

No, I Dont Know the Answer to the Big DNS Secret

2008-07-09 15:26:37 by Chris Eng in Zero in a bit
 
Rich Mogulls executive overview of Dan Kaminskys latest DNS vulnerability fluffed a few feathers yesterday The good news is that due to the nature of this problem, it is extremely difficult to determine the vulnerability merely by analyzing the patches; a common technique malicious individuals use to figure out security weaknesses The typical...
 
Tags: design, excellent design protects, excellent design, dan, dan kaminsky, dan bernstein, tom ptacek, attack surface, attack
 
 
 
 
 
Showing 1-3 of 3 records
1
 
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia