#insecureTLS implementations report

This post is meant to support the launch of the #insecureTLS hashtag;
an insecure Transport Layer Security implementation is in itself outrageous but some are more than others.

...I collect insecure TLS samples for fun and profit (not really)

why I started collecting data from Qualys SSL (Server) Test
first sample;
a second batch [video];
something the @DHSgov Security Audit did not report.



Comments

Post a Comment

Popular posts from this blog

The majority of DHS subdomains vulnerable to Man in The Middle attacks

Image
On 17th september there were 18 .dhs.gov entries in badssl , 11 of which vulnerable to Man in The Middle attacks and 4 to Poodle (TLS ) attack; United States Government Accountability Office has meanwhile found other issues which are probably bigger(?) than that, as the $6B firewall which seems hitting an impressive 6% of the total vulnerabilities selected for review: More specifically, for the five client applications we reviewed (Adobe Acrobat, Flash, Internet Explorer, Java, and Microsoft office), the NCPS intrusion detection signatures provided some degree of coverage for approximately 6 percent of the total vulnerabilities selected for review. ...by the way, here are the (SSL/TLS) facts about DHS as of today:
Read more

Due minuti e mezzo per mezzanotte

Image
Venerdi scorso, 27 Gennaio 2017, il Bulletin of the Atomic Scientists ha annunciato lo spostamento in avanti di 30 secondi del Doomsday Clock . Mancano 2 minuti e mezzo per mezzanotte. Quella che segue è una traduzione del testo integrale . Bollettino  degli Scienziati  Atomici Mancano due minuti e mezzo per mezzanotte Comunicato dal Doomsday Clock * 2017 Comitato per la Scienza e Sicurezza Bollettino degli Scienziati Atomici Direttore Responsabile, John Mecklin (*) Doomsday Clock: un orologio metaforico che indica quanto la civiltà sia vicina ad una possibile fine del mondo, pubblicato  negli ultimi settant’anni  con il bollettino annuale degli Scienziati Atomici; tra i membri, quindici premi Nobel. IT IS TWO AND A HALF MINUTES TO MIDNIGHT© Premessa del direttore  Quest’anno segna il 70mo anniversario del Doomsday Clock , una rappresentazione grafica apparsa sulla prima copertina del Bollettino degli Scienziati At...
Read more

SSLLabs SSL Test on 716 .gov https sites

Image
716 .gov https sites (thanks to @hackertarget dnsdumpster) 328 " F " (45,81%) 178 " A " (24,86%) (one IP address per subdomain unless multiple scores) 2016/03/02 18:12:18 a068-acswebsrv.nyc.gov 167.153.11.46: F 2016/03/02 18:12:29 ace.cbp.dhs.gov 216.81.83.93: F 2016/03/02 18:12:29 accela1.howardcountymd.gov 167.102.191.83: F 2016/03/02 18:12:35 1click.dhsoha.oregon.gov 170.104.63.76: A- 2016/03/02 18:12:38 adfs.txdot.gov 168.58.229.156: C 2016/03/02 18:12:42 adfg.alaska.gov 146.63.61.200: C 2016/03/02 18:12:52 aip.medi-cal.ca.gov 12.9.80.162: F 2016/03/02 18:13:02 ac.ninds.nih.gov 156.40.215.10: A 2016/03/02 18:13:06 adhimmreglive.arkansas.gov 170.94.17.67: A 2016/03/02 18:13:09 adherave.arkansas.gov 170.94.15.181: B 2016/03/02 18:13:24 alerts.rochestermn.gov 12.184.36.207: A 2016/03/02 18:13:24 airmobile.house.gov 143.228.131.184: F 2016/03/02 18:13:32 aoprals.state.gov 169.253.204.152: B 2016/03/02 18...
Read more