Tag Archive | "SSL"


23 September 2014 | 1,658 views

CloudFlare Introduces SSL Without Private Key

Handing over your private key to a cloud provider so they can terminate your SSL connections and you can work at scale has always been a fairly contentious issue, a necessary evil you may say. As if your private key gets compromised, it’s a big deal and without it (previously) there’s no way a cloud […]

Continue Reading

09 April 2014 | 4,505 views

Heartbleed Bug SSL Vulnerability – Everything You Need To Know

Introduction So the Internet has been exploding this week due to the Heartbleed Bug in OpenSSL which effects a LOT of servers and websites and is being hailed by some as the worst vulnerability in the history of the Internet thus far. The main info on the bug can be found at http://heartbleed.com/. In basic […]

Continue Reading

13 March 2013 | 3,485 views

SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility Performance testing: session resumption and TLS tickets support Security testing: […]

Continue Reading

26 March 2012 | 4,661 views

SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration

SSLyze is a Fast and Full-Featured SSL Scanner – it enables Better, faster scanning to analyze the configuration of SSL servers. Supports cipher suites scanning, insecure renegotiation verification, session resumption testing, client certificates, and more. Tested on Python 2.6 & 2.7 with Ubuntu and Windows 7, both 32 and 64 bits. Might work on other […]

Continue Reading

07 December 2011 | 11,808 views

sslyze – Fast and Full-Featured SSL Configuration Scanner

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention […]

Continue Reading

01 July 2011 | 11,912 views

sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool

It’s been a while since the last sslsniff release back in August 2009 with version 0.6 – sslsniff v0.6 Released – SSL MITM Tool. Version 0.7 was finally released earlier in the year in April – so here it is. This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” […]

Continue Reading

06 June 2011 | 18,458 views

FaceNiff – Taking FireSheep Mobile – Sniff & Intercept Web Sessions With Android

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It’s kind of like Firesheep for android, but maybe […]

Continue Reading

20 May 2011 | 12,103 views

Google Proposes Way To Speed Up SSL Handshake

I’m always interesting when it comes to cryptography and cryptographic trickery. We all know, the main problem with SSL is speed – it can really slow your surfing experience down and for most people it annoys them enough to just not use it. Google researchers claim they’ve devised a way to reduce that painful wait […]

Continue Reading

02 May 2011 | 8,678 views

sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly

sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that. Dumps one file by […]

Continue Reading

05 March 2010 | 10,242 views

Boffins Crack OpenSSL Library Using Power Fluctuations

Now this is a very interesting technique, as far as I know I’ve not seen anything similar to this before. It’s like a rather bizarre meld of hardware hacking and software exploitation using cryptographic algorithm cracking techniques. Some rather smart fellas have found a way to extract the private SSL key from a device by […]

Continue Reading

Popular Tags

computer-security · darknet · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·