Around 2 years back we talk about how to upgrade to SHA-256 and ECC SSL (ECDSA) certificate for the TLS/SSL certificate users. Secure Hash Algorithm 1 is a Cryptographic hashing function. Secure Hash Algorithm 1 (SHA-1) is Circumvented by Google Research For Testing Vulnerability. Some researchers theorised vulnerabilities of SHA-1 from 2005 and now have been exploited for the first time with an … [Read more...]
New Firefox, Chrome Will Warn Non-HTTPS Websites as Insecure
The idea of adding some warning for the non-HTTPS websites is not new, it was planned from 2014. As Expected, From First Half of 2017, New Versions of Firefox & Chrome Will Warn Non-HTTPS Websites as Insecure. After availability of Free Let's Encrypt SSL certificate as well as low cost DV SSL (read the comparison of Free Let's Encrypt SSL with paid DV SSL), there can not be much reasons for … [Read more...]
Warning : TCP Stack Vulnerability in the Linux Kernel (CVE-2016-5696)
Researchers at the University of California have identified a dangerous vulnerability in the TCP (Transmission Control Protocol) used by Linux. The finding of flaw dates back to the end of 2012 but was discovered only recently. They are working with the community for some preventive measures (like an update for clients and hosts) as a pending official patch. The TCP protocol adopted by Linux is … [Read more...]
Keybase.io : Definitely a Great Idea From Security POV
Keybase.io Definitely a Great Idea From Security Point of View. At least none really ever attempted a well designed website with GUI with PGP. Few weeks back, Author of this article received invitation for joining KeyBase.io. If you are wondering about what is KeyBase.io, short answer - it is a kind of hub of peoples who are usually invited and has to do with coding and has minimum idea about the … [Read more...]
Logjam by NSA Threatens the Security of HTTPS
Logjam, which allows man-in-the-middle attacker to downgrade the vulnerable TLS connections, apparently created by NSA Threatens the Security of HTTPS. The series of various deliberately created security flaws including Heartbleed, are gradually being discovered possibly not even a minor percentage of the total works done by National Security Agency to run their mass surveillance tools. These was … [Read more...]
SELinux and Security in the Context of Cloud Servers
SELinux Was Developed By United States National Security Agency (NSA). SELinux and Security in the Context of Cloud Servers Can Be Questionable. SELinux stands for Security-Enhanced Linux, it is a Linux kernel security module and often used on OpenStack for the clients. OpenStack community has no support from the for SELinux part. It can be a good and practical question to ask the possibility of … [Read more...]
Google and HTTPS : Chrome Will Warn The Users to Not Protected Sites
Google is quite desperate regain their trust after PRISM Revelations. Google Chrome Browser Will Warn the Users to Visit Not Protected Sites. NSA Spyware Activities and the possible of relationship of Heartbleed vulnerability put Google in worser situation ever anything did to Google. Previously, Google AdSense behaved with the Publishers, particularly from India and China like marked thieves. … [Read more...]
Cyber Attacks and Increasing Costs for the Companies
Cyber attacks are not only increasing in recent times but also they are demanding more time and budget to be identified and properly managed. Knowingly or unknowingly, a startup or medium sized company will need to use any form of Cloud Computing Service Model. Advanced Persistent Threat, IP Spoofing becoming more common cyber crimes in the age where everything can be defined by the softwares. … [Read more...]
Generate CSR, Private Key With SHA256 Signature
Here is how to generate CSR, Private Key with SHA256 signature with OpenSSL for either reissue or new request to get SSL/TLS Certificate. We have explained the SHA or Secure Hash Algorithm in our older article. The need to throw a complete new guide to Generate CSR, Private Key With SHA256 Signature is to correct our existing older guides on Generating CSR as almost all the browsers will throw … [Read more...]
What is SHA or Secure Hash Algorithm?
Secure Hash Algorithm (SHA) refers to a group of standardized cryptologic hash functions. These are used to calculate a unique check for any digital data and are the basis for creating a digital signature. The check value is used to ensure the integrity of a message. If two messages give the same test value, is the equality of the messages which normally to be expected to be guaranteed, without … [Read more...]
Technical Aspects of Data Security in the Cloud
Technical aspects of data security in the cloud is one of the main reason why the companies or the end users thinks to be in the cloud. Here is a discussion. Cloud computing is no longer just a buzzword, over the years cloud computing has established itself as a serious technology as alternative resource for infrastructure, platforms and applications. Cloud computing now offers own cloud based … [Read more...]