" beast Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘beast’

SSL versus TLS – What’s the difference?

Wednesday, September 20th, 2017

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

SSL versus TLS: What is the differenc?

See also our Infographic which summarizes these differences.

 

Read the rest of this post »

Can S/MIME be trusted when SSL has had so many security issues?

Thursday, March 26th, 2015

SSL and TLS have had a lot of security issues over the past 1-2 years.  While these have been patched quickly, they have been very bad and have changed our view of and trust of the Internet.  S/MIME is really just aspects of SSL/TLS applied to secure email messages (we looked at this previously).  So …. can S/MIME be trusted?  Does it suffer from the same vulnerabilities as SSL?  Is S/MIME a good thing to use for secure email or should it be avoided with a 10-foot pole?

As we shall see, S/MIME is impervious to the majority the issues with SSL due to the fact that there is no real-time negotiation of cryptographic algorithms and there can be no man-in-the-middle.

Lets see…

Read the rest of this post »

256-bit AES Encryption for SSL and TLS: Maximal Security

Wednesday, February 4th, 2015

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

Is SSL/TLS Really Broken by the BEAST attack? What is the Real Story? What Should I Do?

Wednesday, September 21st, 2011

Update – January, 2015.  SSL v3 should be turned off.  RC4 is now weak and should not be used anymore, even as a work around to the BEAST attack.  LuxSci recommends to use TLS v1.1+ and NIST-recommended ciphers.  The BEAST is not really considered a significant vector (even with TLS v1.0) compared to other things, anymore.

Update – April, 2012. openssl v1.0.1 is out and it supports TLS v1.1 and v1.2 which help mitigate this attack.  All web sites hosted by LuxSci now use this updated software and are safe from BEAST.  LuxSci recommends using a web host which supports TLS v1.1 and v1.2 for secure web connections.

—-

SSL v3 and TLS v1 are subject to a serious exploit, according to a recently published attack mechanism (called BEAST).  This sounds foundation-shattering and kind of scary. When people see this, as when we did, the first panicky questions that arise are:

  • What is really affected?
  • How serious is it?
  • What can I do to protect myself?
  • How does the BEAST attack actually work?

After researching this issue, we have digested what we have found and produced this article to answer all of these questions for you.

Read the rest of this post »