3 liens privés
During this week, I've been playing with CloudFlare free plan in order to turn my websites into HTTPS protected websites, while configuring my account and playing a little bit with bettercap I figured out something really weird and I tweeted this ( from the @bettercap account ).
J’ai moi aussi sauté le pas vers let’s encrypt avec toute l’encre numérique qu’il a fait couler ces dernières semaines j’ai eu envie d’en voir un peu plus. Cela tombe bien je projetais depuis un moment de chiffrer le blog alors « endavant ! » comme on dit par chez moi.
This application is intended for creating and managing X.509 certificates, certificate requests, RSA, DSA and EC private keys, Smartcards and CRLs. Everything that is needed for a CA is implemented. All CAs can sign sub-CAs recursively. These certificate chains are shown clearly. For an easy company-wide use there are customiseable templates that can be used for certificate or request generation. All crypto data is stored in an endian-agnostic file format portable across operating systems.
Les autorités de certification racine… Comment pourrait-on ne pas en parler quand on parle de TLS ou de HTTPS…
Ça y est, je me suis lancé ! J'ai testé Let's Encrypt, dont j'ai beaucoup entendu parler.
Enfin. On l'attendait depuis longtemps. À chaque message publié sur leur blog, je lisais vite pour voir s'illes parlent d'une date de sortie. Il y avait d'abord eu une beta fermée (avec inscription sur un google docs), puis avant-hier, jeudi 3 décembre la beta a été ouverte à tou⋅te⋅s. Enfin.
This is an Acme Protocol implementation written fully using PHP language. It allows you to create manage and revoke certificates using ACME protocol used by Let's Encrypt
Its aim is to be used by hosting control panel software and hosting companies using PHP for their hosting panel.
Now that the cat is firmly out the bag, and it's clear that the NSA has cracked the encryption behind, potentially, a huge amount of internet traffic, the question inevitably turns to: what are internet engineers going to do about it ?
Probably one of the smallest SSL MITM proxies you can make. Only using openssl, netcat and a couple of other standard command line tools.
Encrypted key transport with RSA-PKCS#1 v1.5 is the most com-
monly deployed key exchange method in all current versions of the
Transport Layer Security (TLS) protocol, including the most re-
cent version 1.2.
Have you ever been in a pentest where the defenders know their stuff and are actively looking to detect and sabotage all of your actions? If not I can say only one thing, it changes the way you approach, plan and execute a penetration test drastically.
Our study finds that the current real-world deployment of Diffie-Hellman is less secure than previously believed. This page explains how to properly deploy Diffie-Hellman on your server.
Google a annoncé que les certificats de sécurité émis par l'autorité chinoise ne seraient plus considérés comme fiables par ses produits, en particulier Chrome. La décision qui ne sera que provisoire a été prise après la découverte d'une exploitation frauduleuse de la clé de chiffrement. Explications.
Il se fait passer pour Microsoft et dérobe un certificat SSL auprès de Comodo. Au cas où vous en douteriez encore, les Finlandais sont pleins d'humour. Dernier exemple en date avec cet informaticien finlandais qui s'est amusé, il y a 2 mois, à enregistrer une adresse hostmaster@live.fi sur le service de messagerie Live de Microsoft, pour faire une bonne blague. via korben
OpenSSL Cookbook
Most IT people are somewhat familiar with Wireshark. It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more.
OpenSSL Cookbook is a free ebook built around two OpenSSL chapters from Bulletproof SSL and TLS, a larger work that teaches how to deploy secure servers and web applications.
MitM attacks are a class of security attacks that involve the compromise of the authentication of a secure connection. In essence, an attacker builds a transparent tunnel between the client and the server, but makes sure that the client negotiates the secure connection with the attacker, instead of the intended server. via @Dinosn