Ssl Weakness

The current state of authenticity in SSL is questionable and deleterious to the security of SSL as a whole. SSL, even with the most current updates, suffers from a great many weaknesses that have been highlighted over the years. Some of the most prominent issues are certificate and configuration issues, protocol attacks, application-level issues, and PKI trust issues.

As reported at the RSA conference in Europe back in 2011, SSL certificate issues encompass insufficient domain name coverage, weak private keys and certificate chain issues. According to a paper presented at the RSA conference, as of 2011, 61.40% of SSL certificates do not support the main domain name properly due to the lack of apex support (e.g. some sites only register a certificate for a common domain name like “samplesite.com” but do not have a certificate registered for “www.samplesite.com”). It was also noted that out of 1,157,062 certificates observed, a staggering 50% of them contain keys that are 1024 bits or less. It is well known that with current computing technology, anyone can break 512-bit RSA keys; even 1024-bit keys should be slowly phased out.
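An added example (not part of the original essay) of the two certificate checks described above: whether a certificate's DNS names cover both the bare domain and its www host, and whether its RSA key is 1024 bits or less. The function names and the sample certificate data are constructed for illustration.

```python
# Added example: audits constructed certificate metadata, not live hosts.
WEAK_RSA_BITS = 1024  # the essay's threshold: keys of 1024 bits or less


def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate DNS name against a host name.

    A wildcard is honoured only as the entire left-most label and
    covers exactly one label, so *.samplesite.com never matches
    the bare domain samplesite.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as *.com
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def audit(domain: str, dns_names: list[str], rsa_bits: int) -> list[str]:
    """Return findings for bare-domain/www coverage and RSA key size."""
    findings = []
    for host in (domain, "www." + domain):
        if not any(name_matches(n, host) for n in dns_names):
            findings.append(f"name not covered: {host}")
    if rsa_bits <= WEAK_RSA_BITS:
        findings.append(f"weak RSA key: {rsa_bits} bits")
    return findings


# Constructed samples: (domain, DNS names in the certificate, RSA key bits)
SAMPLES = [
    ("samplesite.com", ["samplesite.com"], 1024),
    ("samplesite.com", ["*.samplesite.com"], 2048),
    ("samplesite.com", ["samplesite.com", "www.samplesite.com"], 2048),
]

if __name__ == "__main__":
    for domain, names, bits in SAMPLES:
        print(domain, names, bits, "->", audit(domain, names, bits) or "ok")
```

The second sample shows that a wildcard-only certificate still leaves one of the two host names uncovered, which is easy to miss when reviewing a certificate by eye.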

Furthermore, in September 2011, two information technology security researchers came forward announcing that they had successfully extended a previously known vulnerability in SSL v.3 (or TLS v.1.0) into an eavesdropping attack against some applications. The detailed release of the announcement and attack pushed all of the major web server and client vendors into a state of panic to provide the necessary patches to address the disclosed vulnerabilities; however, the progress made has been painstakingly slow due to compatibility complications between web application servers and web clients. Over a year after the disclosure of the attack, at the time of this writing, major commercial sites were still being observed to use TLS v. 1.0 (e.g. Bank of America, Navy Federal Credit Union, Capital One Bank, etc.). Yet, while
