Tuesday, August 2, 2016

SSL in the News

Just a couple positive movements around SSL / HTTPS in the news over the past few months.

8/1/2016 - Google enables HSTS
By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS version of the Google domain. The effort, announced Friday, is meant to protect against protocol downgrade attacks, session hijacking and man-in-the-middle attacks that exploit insecure web connections.

6/8/2016 - Google Gmail deprecating SSLv3 and RC4
Google said that it will initiate on June 16 a gradual deprecation of SSLv3 and RC4 for Gmail IMAP/POP mail clients. Both the crypto protocols cipher are notoriously unsafe and are being phased out in big chunks of the Internet. Google, for its part, had already announced in May that it would no longer support SSLv3 and RC4 connections for Gmail SMTP.

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment