ZDNet

Advertisers can track users across the Internet via TLS Session Resumption

An academic paper published last month has shed new light on a new user tracking technique that takes advantage of a legitimate mechanism associated with the TLS (Transport Layer Security) protocol ...
Threat Post

New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions

There is a feature supported by the SSL/TLS encryption standard and used by most of the major browsers that leaks enough information about encrypted sessions to enable attackers decrypt users’ ...
Computerworld

‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

The ‘CRIME’ attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure ...
Tidbits

Google’s Gmail Defaults to Encrypted Sessions

Google has announced that all Gmail sessions are now secured using SSL/TLS by default, rather than as a choice each individual user had to make in configuration settings. The previous default setting ...
CSOonline

Decryption Is Key for Enhanced Security and Monitoring

In Part 1 of my series on Transport Layer Security (TLS) decryption, I went over a few basics of encryption, discussed TLS 1.2, and concluded by outlining the improvements TLS 1.3 provided. In this ...

What the post-quantum shift means for your security strategy

Post-quantum security revolves around staying in the race because when quantum arrives, it won’t send a warning. Those who ...