Skip to main content

SSL

Researchers devise new attack techniques against SSL

posted onFebruary 6, 2013
by l33tdawg

The developers of many SSL libraries are releasing patches for a vulnerability that could potentially be exploited to recover plaintext information, such as browser authentication cookies, from encrypted communications.

The patching effort follows the discovery of new ways to attack SSL, TLS and DTLS implementations that use cipher-block-chaining (CBC) mode encryption. The new attack methods were developed by researchers Nadhem J. AlFardan and Kenneth G. Paterson at the University of London's Royal Holloway College.

Google calls for a more secure web & expands SSL encryption to local domains

posted onMarch 6, 2012
by l33tdawg

Last year, Google introduced SSL (Secure Sockets Layer) encryption to searches made through Google.com. Now, the effort to strengthen user privacy through encrypted search queries is becoming global, and Google hopes this will “motivate other companies to adopt SSL more broadly.”

Note that countless users have their own concerns with Google and how it handles user data. SSL obviously can’t solve issues of trust, and that’s a separate issue. As far as keeping users safe from outside threats, this is a solid move. The announcement, from Google Software Engineer, Michael Safyan: