Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Diaries by Keyword


Date | Author | Title

LOGON INFORMATION PLAINTEXT UNSECURED SSL MANINTHEMIDDLE

2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network

LOGON

2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network

INFORMATION

2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2011-02-05 | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry?
2010-10-22 | Manuel Humberto Santander Pelaez | Intypedia project
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network
2010-06-15 | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information
2010-04-21 | Guy Bruneau | Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-03-27 | Guy Bruneau | HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2009-11-29 | Patrick Nolan | A Cloudy Weekend
2009-10-04 | Guy Bruneau | Samba Security Information Disclosure and DoS
2009-07-10 | Guy Bruneau | WordPress Fixes Multiple vulnerabilities
2009-03-02 | Swa Frantzen | Obama's leaked chopper blueprints: anything we can learn?
2008-09-11 | David Goldsmith | CookieMonster is coming to Pown (err, Town)
2008-04-07 | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server

PLAINTEXT

2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network

UNSECURED

2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network

SSL

2019-12-13 | Jan Kopriva | Internet banking sites and their use of TLS... and SSLv3... and SSLv2?!
2019-10-22 | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers
2019-08-07 | Bojan Zdrnja | Verifying SSL/TLS configuration (part 2)
2019-07-23 | Bojan Zdrnja | Verifying SSL/TLS configuration (part 1)
2018-11-27 | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update
2018-09-19 | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways
2018-08-10 | Remco Verhoef | Hunting SSL/TLS clients using JA3
2018-01-22 | Didier Stevens | HTTPS on every port?
2017-12-03 | Xavier Mertens | StartSSL: Termination of Services is Now Scheduled
2017-03-08 | Richard Porter | What is really being proxied?
2016-07-28 | Bojan Zdrnja | Verifying SSL/TLS certificates manually
2016-05-03 | Rick Wanner | OpenSSL Updates
2016-02-27 | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release
2016-01-31 | Guy Bruneau | OpenSSL 1.0.2 Advisory and Update
2015-03-26 | Daniel Wesemann | Pin-up on your Smartphone!
2015-03-17 | Didier Stevens | Improperly issued SSL certificate for domain "live.fi" could be used in attempts to spoof content. https://technet.microsoft.com/library/security/3046310
2015-03-12 | Johannes Ullrich | Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.
2015-02-11 | Johannes Ullrich | Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-01 | Rick Wanner | Improving SSL Warnings
2014-12-09 | Johannes Ullrich | POODLE Strikes (Bites?) Again
2014-08-11 | Bojan Zdrnja | Verifying preferred SSL/TLS ciphers with Nmap
2014-08-06 | Chris Mohan | OpenSSL Security Advisories http://www.openssl.org/news/secadv_20140806.txt
2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-06-05 | Johannes Ullrich | Updated OpenSSL Patch Presentation
2014-06-05 | Johannes Ullrich | Critical OpenSSL Patch Available. Patch Now!
2014-06-05 | Johannes Ullrich | Internet Storm Center Briefing on OpenSSL Vulnerabilities today at 12pm ET (8am PT/4pm UTC) https://www.sans.org/webcasts/98445
2014-06-05 | Johannes Ullrich | More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution)
2014-04-26 | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21 | Daniel Wesemann | OpenSSL Rampage
2014-04-21 | Daniel Wesemann | Finding the bleeders
2014-04-16 | Johannes Ullrich | New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html
2014-04-15 | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-14 | Kevin Shortt | INFOCon Green: Heartbleed - on the mend
2014-04-11 | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135
2014-04-08 | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed
2014-04-08 | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability
2014-02-25 | Alex Stanford | Apple releases OS X 10.9.2 patching SSL vulnerability and updates Safari
2014-02-24 | Russ McRee | Explicit Trusted Proxy in HTTP/2.0 or...not so much
2014-01-02 | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
2013-12-29 | Russ McRee | OpenSSL suffers apparent defacement
2013-12-11 | Johannes Ullrich | Browser Fingerprinting via SSL Client Hello Messages
2013-10-09 | Johannes Ullrich | CSAM: SSL Request Logs
2013-09-09 | Johannes Ullrich | SSL is broken. So what?
2013-08-21 | Alex Stanford | Psst. Your Browser Knows All Your Secrets.
2013-07-23 | Bojan Zdrnja | Sessions with(out) cookies
2013-05-17 | Johannes Ullrich | SSL: Another reason not to ignore IPv6
2013-02-11 | John Bambenek | OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-03 | Manuel Humberto Santander Pelaez | New year and new CA compromised
2012-07-03 | Johannes Ullrich | ocsp.comodoca.com blacklisted (by comodo itself)
2012-06-04 | Johannes Ullrich | Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
2012-06-04 | Rob VandenBrink | Browsers and SSL Security - a Race to the Bottom !
2012-05-31 | Johannes Ullrich | SCADA@Home: Your health is no secret no more!
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-05-21 | Johannes Ullrich | We updated our SSL certificate. Also note that we are deprecating various old hostname (isc.sans.org/incidents.org) and redirect now to isc.sans.edu. please update your bookmarks.
2012-04-24 | Russ McRee | OpenSSL reissues fix for ASN1 BIO vulnerability
2012-04-19 | Kevin Shortt | OpenSSL Security Advisory - CVE-2012-2110
2012-03-20 | Johannes Ullrich | A Reminder: Private Key Security
2012-03-12 | Guy Bruneau | OpenSSL Security Update
2012-02-08 | Jim Clausing | Chrome to stop checking Certificate Revocation List (CRL)?
2012-01-05 | Russ McRee | OpenSSL vulnerability fixes
2011-11-07 | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-10-26 | Rob VandenBrink | The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-05 | Johannes Ullrich | Adobe SSL Certificate Problem (fixed)
2011-10-03 | Bojan Zdrnja | Beauty and the BEAST
2011-09-23 | Mark Hofman | SSL/TLS Vulnerability Details to be Released Friday (Part 2)
2011-09-15 | Swa Frantzen | DigiNotar looses their accreditation for qualified certificates
2011-09-13 | Swa Frantzen | GlobalSign back in operation
2011-09-13 | Swa Frantzen | More DigiNotar intermediate certificates blacklisted at Microsoft
2011-09-07 | Lenny Zeltser | GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06 | Johannes Ullrich | Microsoft Releases Diginotar Related Patch and Advisory
2011-09-01 | Swa Frantzen | DigiNotar breach - the story so far
2011-08-31 | Johannes Ullrich | Firefox/Thunderbird 6.0.1 released to blacklist bad DigiNotar SSL certificates
2011-08-30 | Johannes Ullrich | DigiNotar SSL Breach
2011-07-25 | Johannes Ullrich | iOS 4.3.5 released fixing an SSL certificate verification flaw. http://support.apple.com/kb/HT1222
2011-07-10 | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations
2011-06-29 | Johannes Ullrich | Random SSL Tips and Tricks
2011-03-23 | Johannes Ullrich | Firefox 3 Updates and SSL Blacklist extension
2011-03-23 | Johannes Ullrich | Microsoft Advisory about fraudulent SSL Certificates
2011-03-23 | Johannes Ullrich | Comodo RA Compromise
2010-11-16 | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network
2010-06-02 | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-04-25 | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using Openssl
2010-04-21 | Johannes Ullrich | isc.sans.org SSL Certificate and URL extensions
2010-03-29 | Adrien de Beaupre | OpenSSL V 1.0.0 released!
2010-02-26 | Rick Wanner | OpenSSL 0.9.8m released.
2010-02-10 | Marcus Sachs | Vulnerability in TLS/SSL Could Allow Spoofing
2010-01-19 | Jim Clausing | Apple Security Update 2010-001
2009-12-01 | Chris Carboni | Clientless SSL VPN products break web browser domain-based security models
2009-11-13 | Adrien de Beaupre | TLS & SSLv3 renegotiation vulnerability explained
2009-11-06 | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l
2009-11-05 | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public
2009-10-28 | Johannes Ullrich | Sniffing SSL: RFC 4366 and TLS Extensions
2009-10-12 | Mark Hofman | Some interesting SSL SPAM
2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up
2008-12-30 | Johannes Ullrich | MD5 SSL Summary
2008-09-11 | David Goldsmith | CookieMonster is coming to Pown (err, Town)
2008-07-29 | Kyle Haugsness | Google SSL cert expired for POP/IMAP users
2008-05-16 | Daniel Wesemann | INFOcon back to green
2008-05-15 | Bojan Zdrnja | Debian and Ubuntu users: fix your keys/certificates NOW
2008-05-15 | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple

MANINTHEMIDDLE

2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network
2006-10-05 | John Bambenek | There are no more Passive Exploits