Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Top 25 worst-of-the-worst, most common passwords used in 2016

For the sixth year in a year, SplashData has released its list of worst passwords.
According to SplashData, the list is based on over five million leaked passwords, which are used by users in North America and Western Europe, that were posted for sale online.

Top 25 worst-of-the-worst, most common passwords used in 2016



Malware Log Analysis & Removal Help * OTL (OldTimer ListIt) Tutorials & Tools * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: Some HTTPS inspection tools might weaken security  (Read 16 times)

0 Members and 1 Guest are viewing this topic.

ScarlettTopic starter

  • Updates Moderator
  • *
  • Offline Offline
  • location: Cymru
  • Posts: 23273
Some HTTPS inspection tools might weaken security
« Reply #1 on: March 18, 2017, 01:20:50 AM »
Some HTTPS inspection tools might weaken security
17 March 2017, 11:14 pm



Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.

US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don't mirror the security attributes of the original connections between clients and servers.

HTTPS inspection checks the encrypted traffic coming from an HTTPS site to make sure it doesn't contain threats or malware. It's performed by intercepting a client's connection to an HTTPS server, establishing the connection on the client's behalf and then re-encrypting the traffic sent to the client with a different, locally generated certificate. Products that do this essentially act as man-in-the-middle proxies.

To read this article in full or to leave a comment, please click here



Source: Network World Security

>> To obtain the full NetworkWorld Security article, click the link in the first post line <<
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker

This site don't store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's don't use any Web Analytics/Analysis Service, and also don't use any browser fingerprinting techniques

    

  

Smokey's provide free fully qualified OTL (OldTimer ListIt) and FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
rifle
rifle
rifle
rifle