Yes, it is possible in theory to forge the web server certificate that is used in SSL/TLS communication. This is because the certificate is signed, using a cryptographic hashing algorithm of a specific length, by a certificate authority that your browser trusts. The hashing algorithms that have been used to…
- Create an EC2 that runs Chrome for sandboxed websurfing
- Check Multiple AWS S3 Buckets for Missing Default Encryption
- The Equifax Data Breach and the Apache Struts Vulnerability
- Test Early, Test Often
- Linux Hardening
- Information Security at Startup Companies
- Timestamp bash_history with every command
- Has SHA-1 been hacked?
Important security research from Google on the effectiveness of various kinds of 2FA that got a bit buried this crazy week. Among key findings, SMS 2FA was still 76% effective against highly "targeted" phishing attacks and 99% good vs. "bulk" phishing.
Many of my followers have heard me say that it will be interesting to see what IBM will do with RedHat. Read this: https://t.co/AYaguhptLT #SEC545
Just heard a speaker at a Security Conference tell the audience his password because he uses MFA. #cringe #MFApassword
#ZombieApocalypse #CRISPR https://t.co/KXMihLjFHs