SecurityRatty: tag: https

Google Adds User Enabled HTTPS Secure Connections Into GMail

2008-07-26 08:39:22 by CyberInsecure in CyberInsecure.com

Google has added a new Browser Connection feature to GMail that allows users to force e-mail sessions to always use the more secure https (Hypertext Transfer Protocol Secure) protocol. HTTPS is a secure protocol that provides authenticated and encrypted communication. For some reason, this option is turned off by default and the user must enable

Tags: https, protocol, secure https, secure protocol, force e-mail sessions, browser connection feature, google, user, gmail

Web Site: Security and Trust

2007-01-18 07:10:00 by RaviC in Musings on Information Security

...https can be trusted. This is not true. Not all the sites that use https can be trusted. Nothing can stop fraudsters from setting up a https web site. Though https offers security it does not offer trust. Trust is a choice that the user has to make consciously. Here are some tips that help you to decide whether you can trust a web site by...

Tags: web site, https, https web site, trust, offer trust, web site belongs, https url, https offers security, ensure

Storm Worm Hosting Pharmaceutical Scams

2008-05-30 14:50:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...Https is a technique used to safeguard private information which is sent via Internet. To prove the site's legitimacy, the SSL encryption uses a PKI (Public Key Infrastructure) - public/private key, to encrypt IDs, documents, or messages to securely transmit the information in the World Wide Web. In order to show that our transmission is...

Tags: storm worm, storm, storm worm malware, malware, ssl encryption, ssl, lock, key lock, key

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

2007-11-07 05:37:47 by Steve Riley in Steve Riley on Security

...HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows is this TLS RSA WITH AES 128 CBC SHA TLS RSA WITH AES 256 CBC SHA TLS RSA WITH RC4 128 SHA TLS RSA WITH 3DES EDE CBC SHA TLS ECDHE ECDSA WITH AES 128 CBC...

Tags: sha, null sha, cbc sha p384, cbc sha, cbc sha p521, shorter bit lengths, bit lengths, cbc sha p256, 256-bit aes

OWASP Day/Week - September 6th

2007-08-28 20:45:00 by Security Retentive in Security Retentive

Get in on the fun OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy in the 21st Century" : Thursday 6th Sep 2007 https://www.owasp.org/index.php/OWASP Day I'll be at the San Jose meeting, it should be interesting https://www.owasp.org/index.php/San Jose

Tags: owasp day, day, owasp, phpowasp day, worldwide owasp, day conferences, thursday 6th sep, https, 21st century

Confidential information sent to PinPay.net and SoftCard.biz is exposed

2008-05-08 13:26:03 by Evan Francen in The Breach Blog

...HTTPS URL but it appears that they do not have a security certificate tied to their site The fact that Mr. Long used a hotmail address to pitch the company made me wonder too, given that at Merchant911 we try to instill in our members that a free email address from a customer is a fraud alert If a company official cant use his companys...

Tags: information, drivers license card, license card, card, free card, social security card, sensitive information, sensitive personal information, encrypt sensitive information

An insecurity in OpenID, not many dead

2008-08-09 01:33:39 by Richard Clayton in Light Blue Touchpaper

...https websites) might contain one of these weak keys and so it would be possible for an attacker to successfully impersonate a secure website. Of course the attacker would need to persuade you to mistakenly visit their site but it just so happens that one of the more devastating attacks on DNS has recently been discovered ; so thats not as...

Tags: openid, openid codebases, certs, weak certs, weak, openid sites, sun, suns openid website, trusts sun

Securing Your Gmail With Just a Click

2008-08-21 15:51:12 by Editor in IT Security - The IT Security Industry's Web Resource

...HTTPS in the Gmail options settings Gmail has been capable of running on SSL for quite some time, but its not something thats enabled by default. I always typed the https in by hand, but I dont completely trust that method. Ive used Better Gmail2 in the past, but that doesnt like FireFox 3 for some reason. There are also a number of scripts...

Tags: gmail, force gmail, secure gmail, gmail options settings, page, settings page, ssl, completely trust, martin mckeay

Gmail security and recent phishing activity

2008-11-25 13:22:00 by Niels Provos in Google Online Security Blog

...https To keep your Google account secure online, we recommend you only ever enter your Gmail sign-in credentials to web addresses starting with https://www.google.com/accounts, and never click-through any warnings your browser may raise about certificates. For more information on how to stay safe from phishing attacks, see our blog post here

Tags: gmail, bug, bug details, gmail bug, gmail csrf vulnerability, enhance gmail security, gmail csrf bug, gmail sign-in credentials, domain theft

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo