http://blog.g-sec.lu/Where facts are few, experts are many.ennoreply@blogger.com (Thierry Zoller)Mon, 14 May 2012 12:06:45 PDTBloggertag:blogger.com,1999:blog-6875971858454394582111256.1370050.01630g-sechttp://feedburner.google.comhttp://feedproxy.google.com/~r/g-sec/~3/PW-2pW1YT5c/overview-of-beast-tls-cbc.htmlnoreply@blogger.com (Thierry Zoller)Mon, 26 Sep 2011 07:38:00 PDTtag:blogger.com,1999:blog-6875971858454394582.post-42807328580055420042011-09-28T22:02:26.728+02:000Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Duong at the Ekoparty. This Post summaries the credible information...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/PW-2pW1YT5c" height="1" width="1"/>http://blog.g-sec.lu/2011/09/overview-of-beast-tls-cbc.htmlhttp://feedproxy.google.com/~r/g-sec/~3/FAWE9TrPSDQ/ssltls-hardening-and-compatibility.htmlWhitepapernoreply@blogger.com (Thierry Zoller)Tue, 20 Sep 2011 08:05:00 PDTtag:blogger.com,1999:blog-6875971858454394582.post-22081699479654303642011-09-25T17:34:59.659+02:000Subscribe to the RSS feed in case you are interested in updates My professional and private commitments made it difficult to maintain a healthly blogging style, I am trying to get back to some...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/FAWE9TrPSDQ" height="1" width="1"/>http://blog.g-sec.lu/2011/09/ssltls-hardening-and-compatibility.htmlhttp://feedproxy.google.com/~r/g-sec/~3/mv6kq6twUto/new-paper-ssltls-hardening-and.htmlWhitepaperToolnoreply@blogger.com (Thierry Zoller)Thu, 18 Feb 2010 06:20:00 PSTtag:blogger.com,1999:blog-6875971858454394582.post-50906184591397716382010-02-18T15:42:48.021+01:000Subscribe to the RSS feed in case you are interested in updates At last. What started as an "I need an overview of best practise in SSL/TLS configuration" type of idea, ended in a 3 month code,...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/mv6kq6twUto" height="1" width="1"/>http://blog.g-sec.lu/2010/02/new-paper-ssltls-hardening-and.htmlhttp://feedproxy.google.com/~r/g-sec/~3/M0JI92J1uII/harden-ssltls-tool-release.htmlToolnoreply@blogger.com (Thierry Zoller)Tue, 16 Feb 2010 09:43:00 PSTtag:blogger.com,1999:blog-6875971858454394582.post-81104709400604748192010-02-16T18:43:46.261+01:000Subscribe to the RSS feed in case you are interested in updates &nbsp;“Harden SSL/TLS” allows hardening the SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows locally and ...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/M0JI92J1uII" height="1" width="1"/>http://blog.g-sec.lu/2010/02/harden-ssltls-tool-release.htmlhttp://feedproxy.google.com/~r/g-sec/~3/3iHDD71fFz8/ssltls-audit-alpha-tool-release.htmlToolnoreply@blogger.com (Thierry Zoller)Wed, 10 Feb 2010 07:33:00 PSTtag:blogger.com,1999:blog-6875971858454394582.post-89313057659722062882010-02-10T16:55:30.228+01:001Subscribe to the RSS feed in case you are interested in updates Developed as part of G-SEC's investigation into the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/3iHDD71fFz8" height="1" width="1"/>http://blog.g-sec.lu/2010/02/ssltls-audit-alpha-tool-release.htmlhttp://feedproxy.google.com/~r/g-sec/~3/D-aNw5V_CEU/tls-sslv3-renegotiation-vulnerability.htmlWhitepapernoreply@blogger.com (Thierry Zoller)Fri, 13 Nov 2009 03:52:00 PSTtag:blogger.com,1999:blog-6875971858454394582.post-11963690824563366742009-12-09T21:26:59.721+01:000Subscribe to the RSS feed in case you are interested in updates This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/D-aNw5V_CEU" height="1" width="1"/>http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.htmlhttp://feedproxy.google.com/~r/g-sec/~3/giGZdVxgU0I/sslv3-tls-man-in-middle-vulnerability.htmlZero Daynoreply@blogger.com (Thierry Zoller)Thu, 05 Nov 2009 04:00:00 PSTtag:blogger.com,1999:blog-6875971858454394582.post-48233210183058089082009-12-09T21:22:06.087+01:001Subscribe to the RSS feed in case you are interested in updates Updated 17:50 GMT+1 / 05.2009 - added Mitigation / Impact&nbsp; Updated 16:40 GMT+1 / 06.2009 - added IETF draft&nbsp; Updated...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/giGZdVxgU0I" height="1" width="1"/>http://blog.g-sec.lu/2009/11/sslv3-tls-man-in-middle-vulnerability.htmlhttp://feedproxy.google.com/~r/g-sec/~3/-KZAcI1F6So/solving-hacklu-2009-reversing-challenge.htmlHack.lunoreply@blogger.com (Thierry Zoller)Mon, 02 Nov 2009 12:15:00 PSTtag:blogger.com,1999:blog-6875971858454394582.post-73925237905347140282009-11-12T22:28:31.164+01:004Subscribe to the RSS feed in case you are interested in updates Here is quick overview of one possible way to solve the Hack.lu 2009 crackme&nbsp; (reversing challenge) with the classical JZ/JNZ...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/-KZAcI1F6So" height="1" width="1"/>http://blog.g-sec.lu/2009/11/solving-hacklu-2009-reversing-challenge.htmlhttp://feedproxy.google.com/~r/g-sec/~3/_HQFDxCtM8E/computer-associates-multiple-products.htmlAdvisorynoreply@blogger.com (Thierry Zoller)Tue, 13 Oct 2009 07:46:00 PDTtag:blogger.com,1999:blog-6875971858454394582.post-37970490639073747082009-10-15T18:34:59.989+02:000Subscribe to the RSS feed in case you are interested in updates G-SEC released an advisory today that affects various Computer Associates products. The most interesting part is the multitude of...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/_HQFDxCtM8E" height="1" width="1"/>http://blog.g-sec.lu/2009/10/computer-associates-multiple-products.htmlhttp://feedproxy.google.com/~r/g-sec/~3/mGYhT9R-yts/iis-5-iis-6-ftp-vulnerability.htmlZero Daynoreply@blogger.com (Thierry Zoller)Tue, 01 Sep 2009 05:06:00 PDTtag:blogger.com,1999:blog-6875971858454394582.post-26673184851000481492009-09-07T15:20:50.531+02:002Subscribe to our RSS feed for regular updates Renowed security researcher "Kingcope" published a recent zero day vulnerability (i.e no patch and unkown at the time of publication) affecting...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/mGYhT9R-yts" height="1" width="1"/>http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.htmlhttp://feedproxy.google.com/~r/g-sec/~3/IXm98JqMdGs/new-advances-in-officeexcelpowerpoint.htmlToolnoreply@blogger.com (Thierry Zoller)Thu, 30 Jul 2009 15:20:00 PDTtag:blogger.com,1999:blog-6875971858454394582.post-19018846399793379792009-08-01T03:38:43.992+02:000Subscribe to the RSS feed in case you are interested in updates As you may or may not know there is massive client-side exploitation movement going on since last year (there has been before but on a...<br/> <br/> [[ This is a content summary only. Visit our blog for more ]]<img src="http://feeds.feedburner.com/~r/g-sec/~4/IXm98JqMdGs" height="1" width="1"/>http://blog.g-sec.lu/2009/07/new-advances-in-officeexcelpowerpoint.html