Date Author Title

ARRA HIPAA BREACH TLS

2009-05-09Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required

ARRA

2022-03-11/a>Xavier MertensKeep an Eye on WebSockets
2009-06-06/a>Patrick NolanARRA/HIPAA Breach Reporting Dates Approaching
2009-05-09/a>Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required

HIPAA

2012-05-31/a>Johannes UllrichSCADA@Home: Your health is no secret no more!
2009-06-06/a>Patrick NolanARRA/HIPAA Breach Reporting Dates Approaching
2009-05-09/a>Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required

BREACH

2023-09-02/a>Jesse La GrewWhat is the origin of passwords submitted to honeypots?
2016-09-22/a>Rick WannerYAHDD! (Yet another HUGE data Breach!)
2016-08-31/a>Deborah HaleDropbox Breach
2015-04-08/a>Tom WebbIs it a breach or not?
2015-03-21/a>Russell EubanksHave you seen my personal information? It has been lost. Again.
2014-12-01/a>Guy BruneauDo you have a Data Breach Response Plan?
2014-08-23/a>Guy BruneauNSS Labs Cyber Resilience Report
2014-06-13/a>Richard PorterA welcomed response, PF Chang's
2013-12-21/a>Daniel WesemannAdobe phishing underway
2013-10-05/a>Richard PorterAdobe Breach Notification, Notifications?
2013-10-04/a>Johannes UllrichThe Adobe Breach FAQ
2013-07-22/a>Johannes UllrichApple Developer Site Breach
2013-07-21/a>Guy BruneauUbuntu Forums Security Breach
2013-02-22/a>Johannes UllrichZendesk breach affects Tumblr/Pinterest/Twitter
2013-01-04/a>Daniel WesemannBlue for Reset?
2012-11-22/a>Kevin ListonGreek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks
2012-07-16/a>Jim ClausingAn analysis of the Yahoo! passwords
2012-06-06/a>Jim ClausingPotential leak of 6.5+ million LinkedIn password hashes
2012-01-16/a>Kevin ShorttZappos Breached
2011-09-15/a>Swa FrantzenDigiNotar looses their accreditation for qualified certificates
2011-09-07/a>Lenny ZeltserGlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06/a>Swa FrantzenDigiNotar audit - intermediate report available
2011-09-01/a>Swa FrantzenDigiNotar breach - the story so far
2011-06-21/a>Chris MohanStartSSL, a web authentication authority, suspend services after a security breach
2011-05-30/a>Johannes UllrichLockheed Martin and RSA Tokens
2011-05-25/a>Lenny ZeltserMonitoring Social Media for Security References to Your Organization
2011-04-28/a>Chris MohanDSL Reports advise 9,000 accounts were compromised
2011-04-20/a>Daniel WesemannData Breach Investigations Report published by Verizon
2011-04-04/a>Mark HofmanWhen your service provider has a breach
2011-03-25/a>Rob VandenBrinkThe Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
2010-12-28/a>John BambenekMozilla Notifies of Relatively Minor Security Breach
2010-07-29/a>Rob VandenBrinkThe 2010 Verizon Data Breach Report is Out
2010-06-10/a>Deborah HaleiPad Owners Exposed
2010-04-13/a>Johannes UllrichApache.org Bugtracker Breach
2009-07-28/a>Adrien de BeaupreYYAMCCBA
2009-07-23/a>John BambenekMissouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-06-06/a>Patrick NolanARRA/HIPAA Breach Reporting Dates Approaching
2009-05-09/a>Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required
2009-05-05/a>Bojan ZdrnjaHealth database breached
2009-04-24/a>John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-15/a>Marcus Sachs2009 Data Breach Investigation Report
2009-02-08/a>Mari NicholsAre we becoming desensitized to data breaches?
2009-01-30/a>Mark HofmanWe all "Love" USB drives

TLS

2023-04-13/a>Johannes UllrichHTTP: What's Left of it and the OCSP Problem
2022-07-06/a>Johannes UllrichHow Many SANs are Insane?
2022-05-12/a>Rob VandenBrinkWhen Get-WebRequest Fails You
2022-02-14/a>Johannes UllrichReminder: Decoding TLS Client Hellos to non TLS servers
2021-09-28/a>Jan KoprivaTLS 1.3 and SSL - the current state of affairs
2021-04-16/a>Xavier MertensHTTPS Support for All Internal Services
2021-04-15/a>Johannes UllrichWhy and How You Should be Using an Internal Certificate Authority
2021-03-30/a>Jan KoprivaOld TLS versions - gone, but not forgotten... well, not really "gone" either
2020-12-30/a>Jan KoprivaTLS 1.3 is now supported by about 1 in every 5 HTTPS servers
2020-12-19/a>Guy BruneauSecure Communication using TLS in Elasticsearch
2020-09-09/a>Johannes UllrichA First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2019-12-13/a>Jan KoprivaInternet banking sites and their use of TLS... and SSLv3... and SSLv2?!
2019-10-22/a>Bojan ZdrnjaTesting TLSv1.3 and supported ciphers
2019-10-21/a>Jim ClausingWhat's up with TCP 853 (DNS over TLS)?
2019-08-07/a>Bojan ZdrnjaVerifying SSL/TLS configuration (part 2)
2019-07-23/a>Bojan ZdrnjaVerifying SSL/TLS configuration (part 1)
2019-04-13/a>Johannes UllrichConfiguring MTA-STS and TLS Reporting For Your Domain
2018-08-10/a>Remco VerhoefHunting SSL/TLS clients using JA3
2018-01-22/a>Didier StevensHTTPS on every port?
2017-05-30/a>Johannes UllrichFreeRadius Authentication Bypass
2017-03-08/a>Richard PorterWhat is really being proxied?
2017-03-01/a>Bojan ZdrnjaSSL/TLS on port 389. Say what?
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-01-08/a>Mark HofmanSLOTH, attack on TLS using MD5
2015-05-20/a>Brad DuncanLogjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
2015-02-11/a>Johannes UllrichDid PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2014-08-11/a>Bojan ZdrnjaVerifying preferred SSL/TLS ciphers with Nmap
2014-06-12/a>Johannes UllrichMetasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-03-04/a>Daniel WesemannTriple Handshake Cookie Cutter
2011-09-22/a>Rob VandenBrinkTLS 1.2 - Look before you Leap !
2011-09-20/a>Kevin ListonSSL/TLS Vulnerability Details to be Released Friday
2011-07-10/a>Raul SilesSecurity Testing SSL/TLS (HTTPS) Implementations
2010-07-23/a>Mark HofmanA bit old, however CISCO has updated the November 2009 TLS renegotiation vulnerability with additional vulnerable products and patch information. More details here http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
2010-04-25/a>Raul SilesManual Verification of SSL/TLS Certificate Trust Chains using Openssl
2010-02-10/a>Marcus SachsVulnerability in TLS/SSL Could Allow Spoofing
2009-11-13/a>Adrien de BeaupreTLS & SSLv3 renegotiation vulnerability explained
2009-11-06/a>Andre LudwigNew version of OpenSSL released - OpenSSL 0.9.8l
2009-11-05/a>Swa FrantzenTLS Man-in-the-middle on renegotiation vulnerability made public
2009-10-16/a>Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-05-09/a>Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required