Threat Post

Email Bug Allows Message Snooping, Credential Theft

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched. Researchers warn hackers can snoop on email messages by exploiting a ...
Network World

What do I do if there is no TLS handshake?

Part 6 of a six-part article: Just because you checked a few boxes on your Microsoft Exchange Server does not mean that there is secure TLS encryption between your domain and another SMTP server that ...
Ars Technica

“Lucky Thirteen” attack snarfs cookies protected by SSL encryption

Software developers are racing to patch a recently discovered vulnerability that allows attackers to recover the plaintext of authentication cookies and other encrypted data as they travel over the ...
MCPmag

Empire of the Air: WEP and EAP

TLS and 802.1x EAP protects the initial wireless authentication. The next vulnerable portion of the transaction, the WEP key exchange, is protected using TLS. The authentication phase of a standard ...
Security Boulevard

SSH vs SSL/TLS: Definitions & Differences of Communication Protocols

What is SSL/TLS? SSL and TLS are protocols used on the transport layer, which is used to provide a secure connection between two nodes in a computer network. The first widely used protocol that was ...
ZDNet

Google and Mozilla's message to AV and security firms: Stop trashing HTTPS

A surprisingly large number of antivirus and security products are undermining HTTPS connections and exposing browser users to decryption attacks, according to a study by researchers at Google, ...