Some revelation: we learn here that #X.509 Certificate Authorities issue certificates to anyone.
▻https://nakedsecurity.sophos.com/2015/10/14/can-we-really-trust-the-browser-padlock-fake-banking-sites-giv
Here, it's outright "weak certificates"... ▻http://www.scmagazine.com/fraudsters-exploit-weak-ssl-certificate-security-to-set-up-hundreds-of-phishing-sites/article/444711
#X.509 Certificate Authorities issue certificates to anyone, sometimes even without their knowing consent (Comodo / Diginotar) or by mistake (IGC / CA vs Google)
Why you can’t trust password strength meters
▻https://nakedsecurity.sophos.com/2015/03/02/why-you-cant-trust-password-strength-meters
Website owners can employ a range of measures to help users choose better, stronger passwords and one of the most popular techniques is to include a password strength meter. The meters are designed to help users understand if their password choices will resist attempts to crack them. The trouble is, they don’t.
The FREAK bug in TLS/SSL - what you need to know
▻https://nakedsecurity.sophos.com/2015/03/04/the-freak-bug-in-tlsssl-what-you-need-to-know
The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser’s address bar.
Paul Ducklin explains in plain English...
Google flushes 61% of Android users down the security toilet
▻https://nakedsecurity.sophos.com/2015/01/13/google-flushes-61-percent-android-users-down-security-toilet
Apparently, pre-KitKat Androids, which currently account for 61% of devices out there, will no longer get web browser security fixes.
You are welcome to send in vulnerabilities, but you’d better send a patch at the same time...