Netflix have announced the release of the Message Security Layer protocol (MSL), which they describe as ‘A Modern Take on Securing Communication’. The project is available on github under the Apache 2.0 license, with implementations in Java and JavaScript. The high level goals of the protocol are to improve performance, be cross language, ... Read More »
The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content ... Read More »
If you haven’t done it yet, it’s officially time to get your site more secure. As of this past Wednesday, Google is motivating websites to become secure and is using its search engine results’ ranking as incentive. In a recent blog post by Zineb Ait Bahajji and Gary Illyes, Webmaster Trends analysts for Google, they announced ... Read More »
Google Gmail application for iOS is exposed to risks of a Man-in-the-Middle attack which allow bad actors to monitor encrypted email communcations. A security expert at mobile security firm Lacoon has discovered that the version of Gmail for iOS based mobile device does not perform the certificate pinning procedure when ... Read More »
