Items tagged with: TLS


 
JavaScript server: Node.js 12 brings TLS 1.3 and becomes LTS #Nodejs #Javascript #TLS #API #Server #Applikationen #OpenSource #Softwareentwicklung


 
#torrent #online #torrenttohttps #https #tls #ssl
Anyone heard of ZbigZ? Anyone heard of any alternatives to it?


 
MTA-STS: Gmail supports encryption between mail servers #Gmail #Datensicherheit #E-Mail #Man-in-the-Middle #TLS #Verschlüsselung #Google #Internet #Security


 
Security problems: Weak passwords among doctors #Medizin #BSI #Datensicherheit #Passwort #Phishing #Sicherheitslücke #TLS #Security


 
An old but still relevant #FAQ about protecting and encrypting data over HTTP.
For readers of any level of expertise.

HTTPS interception explained in plain terms

В св


 
Severe vulnerability in SSL/TLS library axTLS #Patchday #SSL #Sicherheitslücken #TLS #Updates #Webserver #axTLS


 
‪Packed room for the #TLS discussion at #IETF104 - ‬


 
Now remote #TLS report from the people in #Mauritius. Sound is awful, Terminator-like. They added TLS 1.3 in nmap, Kubernetes, Nagios, wget...

#IETF104


 

Securing DNS Queries with Dotproxy

dotproxy (GitHub) is a robust, high-performance DNS-over-TLS proxy. It is intended to sit at the edge of a private network between clients speaking plaintext DNS and remote TLS-enabled upstream server(s) across an untrusted channel. dotproxy performs TLS origination on egress but listens for plaintext DNS on ingress, allowing it to be completely transparent to querying clients. By encrypting all outgoing DNS traffic, dotproxy protects against malicious eavesdropping and man-in-the-middle attacks.
#dns #security #tls #dotproxy #proxy #foss


 


Cloudflare made a public dashboard for their TLS interception monitor.


TLS interception is a process in which your protected connection to some website is broken up to examine the content and then forwarded again - transparently for you. This can be legitimate (e.g. antivirus check or enterprise compliance) or malicious (surveillance and hacking). Basically it is like opening a letter, peeking at (or messing with) the contents, closing it up again and sending it on its way.

It looks like 25-30% of all protected traffic is being snooped on.

Since Cloudflare processes around 10% of the entire Internet traffic, the global picture should look similar. Of course the absolute majority of it is made up by enterprise proxies that legitimately inspect employees' traffic for malware scanning and other compliance... but still. So much for that green lock being a security and privacy panacea 😀

#cloudflare #internet #privacy #tls


 
The principle of Diffie-Hellman key exchange with paint pots. The speaker is colour-blind and blindly trusted his wife.
https://fr.m.wikipedia.org/wiki/%C3%89change_de_cl%C3%A9s_Diffie-Hellman#/media/Fichier%3ADiffie-Hellman_Key_Exchange_(fr).svg
#TLS #Breizhcamp


 
Certificate management: ACME protocol becomes an IETF standard #ACME #IETF #ISRG #TLS #Verschlüsselung


 
Of specifications and intelligence agencies: Behind the scenes of a certificate scandal #DarkMatter #Geheimdienste #TLS #Zertifikate


 
Certificate authorities: Millions of TLS certificates with a missing random bit #TLS #Datensicherheit #GoDaddy #Apple #Google #Technologie #Applikationen #Internet #Security


 
European standards organization warns the USA about TLS 1.3 #CryptoWars #ETSI #IETF #Standards #TLS #eTLS


 
Programming language: Go 1.12 supports TLS 1.3 #Go #Datensicherheit #Programmiersprache #TLS #Server #Applikationen #OpenSource #Security #Softwareentwicklung


 
TLS: Padding oracles again and again #TLS #BlackHat #Chacha20 #Citrix #Datensicherheit #Netzwerk #OpenSSL #SSL #Sicherheitslücke #API


 

ETS Isn't TLS and You Shouldn't Use It


The good news: TLS 1.3 is available, and the protocol, which powers HTTPS and many other encrypted communications, is better and more secure than its predecessors (including SSL). The bad news: Thanks…
Article word count: 477

HN Discussion: https://news.ycombinator.com/item?id=19255227
Posted by j4cob (karma: 177)
Post stats: Points: 138 - Comments: 56 - 2019-02-26T15:49:49Z

#HackerNews #and #ets #isnt #...


 
#tls #security #Privatsphäre #Datenschutz #PoweredByRSS


 
Mozilla: TLS certificates from the espionage firm from the Emirates #TLS #Browser #Datensicherheit #EFF #NSA #Spionage #Mozilla #Technologie #Applikationen #Internet


 
RFC 8492: Secure Password Ciphersuites for Transport Layer Security (TLS)

This #RFC describes a mechanism enabling #authentication when using #TLS without public-key cryptography, but with a #password.

The author rehabilitates the notion of the password, often regarded as an outdated authentication method.

The password is not used as is, but through a protocol named TLS-PWD, whose main part is called #Dragonfly.

https://www.bortzmeyer.org/8492.html


 
Kuznyechik/Streebog: Russian encryption algorithms called into question #Backdoor #Datensicherheit #IETF #NSA #Spionage #TLS #Verschlüsselung #Internet #PolitikRecht #Security


 
New article: Switching from #Certbot to #acme.sh for generating #TLS certificates via #LetsEncrypt.
Should be especially interesting for #Debian users. #nginx
https://decatec.de/linux/lets-encrypt-umstieg-von-certbot-auf-acme-sh-nginx/


 
#Netflix:
Using #FreeBSD and commodity parts, we achieve 90 Gb/s serving #TLS -encrypted connections with ~55% CPU on a 16-core 2.6-GHz CPU.
FOSDEM 2019 - Netflix and FreeBSD

Netflix has built a #CDN to distribute streaming media through most of the world. The content caches run a lightly customized version of the FreeBSD operating system. This presentation will describe how Netflix uses FreeBSD, and the benefits to both FreeBSD and Netflix. Netflix has built a CDN, called Open Connect, to distribute streaming media thro...


 
Linux: Container distro Alpine switches from LibreSSL to OpenSSL #OpenSSL #Datensicherheit #Docker #Heartbleed #SSL #TLS #Applikationen #OpenSource #Security


 
At the end of November, the director of the NCSC, Ian Levy, argued in the renowned "Lawfare" blog for "exceptions" to end-to-end encryption. That is, providers of messaging services such as Apple, Facebook, Snapchat and all the others are to set up surveillance interfaces along the lines of the telecoms.


#tls #TLS13 #eTLS


 
OpenSSL 1.1.1: Crypto library passes security audit #Kryptographie #OpenSSL #OpenSSL111 #SSL #TLS #Verschlüsselung


 
Encryption: OpenSSL 1.1.1 convinces in security audit #OpenSSL #Datensicherheit #HTTPS #SSL #TLS #Verschlüsselung #Internet #OpenSource #Security


 
Critical vulnerability in Debian's update tools #Debian #TLS #Ubuntu


 
Telegram bots can be tapped #Botnetz #Ende-zu-Ende-Verschlüsselung #TLS #Telegram


 
When you are using Cloudflare to protect your website, please make sure you set the SSL mode to Strict.

After some fiddling around I noticed that Cloudflare's default setting (flexible) uses plaintext HTTP connections between Cloudflare and your server. You don't want to expose your users' data to the rest of the world, do you?

Might even have GDPR implications.

#Cloudflare #TLS #infosec


 
TLSv1.2 with cipher ECDHE-ECDSA-CHACHA20-POLY1305

Ah, the joy of modern #TLS, with sexy curves and funny names.
#TLS


 
RFC 8461: SMTP MTA Strict Transport Security (MTA-STS)

The question of #email security will probably lead to the publication of many other #RFCs in the coming years… This RFC provides a solution, #STS: publishing in the DNS a text record indicating that the server's #TLS security policy must be downloaded (over HTTP).

https://www.bortzmeyer.org/8461.html


 
Ah, the kings of the Internet. outlook.com announces an #STS policy https://dns.bortzmeyer.org/_mta-sts.outlook.com/TXT but when you try to retrieve it, bam, 404 https://mta-sts.outlook.com/.well-known/mta-sts.txt

#TLS #cybersécuritay #SMTP


 
I got a backup of the pod installed on #Azure #Kubernetes service. It took a bit of doing, but I learned a bunch of things along the way, and I have to say a hosted Kubernetes environment has some distinct advantages:

* no worry about hardware failures: if a node goes down, Kubernetes will shift the load over to other nodes with room (and you can have multiple instances running too) and Azure will spin up a VM on a new node, and #k8s will shift the load back
* less resource contention: having n nodes to run your applications allows them to all run faster
* no playing sysadmin: I don't need to maintain OSes and patch levels, outside of my own containers
* less downtime: I can do rolling updates and my users won't even notice most of the time
* better automation: #...


 
I like this!
♲ Golem.de - Security ():
Bionic Beaver: Ubuntu 18.04 gets OpenSSL 1.1.1 and TLS 1.3 as an update
The current Ubuntu version 18.04 with long-term support will soon get the current OpenSSL version 1.1.1 and thus long-term support from the main developers for the important crypto library. This also allows TLS 1.3 to be used. Packages such as Apache are to be adapted as well. (Ubuntu, encryption)

https://www.golem.de/news/bionic-beaver-ubuntu-18-04-bekommt-openssl-1-1-1-und-tls-1-3-als-update-1812-138331.html

#tls #openssl #ubuntu


 
RFC 8467: Padding Policies for Extension Mechanisms for DNS (EDNS(0))

#DNS Encrypting to ensure confidentiality, OK. But one problem with #TLS is that it does not hide metadata, notably the size of messages. The cryptographic solution to this risk is padding. How can effective padding for confidentiality be reconciled with the desire to limit the consumption of network resources?

https://www.bortzmeyer.org/8467.html

#RFC #viePrivée


 
Well, the bug in #BlueCoat's #TLS session interceptor had at first (wrongly) been attributed to Google Chrome. But the bug report has been made non-visible https://bugs.chromium.org/p/chromium/issues/detail?id=694593 Why? #paranoïa
#TLS


 
Law enforcement and providers have lost the battle over decryption options for TLS. A research group is now to explore threat defence. #Angriffe #IETF #IRTF #Malware #NCSC #TLS #Verschlüsselung


 