Windows Secrets Newsletter: More threats to SSL security certs

windows secrets

By Susan Bradley/Windows Secrets Newsletter

Hard on the heels of the counterfeit SSL certificates scandal comes a new SSL security threat.

The recent ekoparty Security Conference in Argentina broke the news that encrypted SSL/TLS traffic is vulnerable to attack. But should we rush to install the workarounds?

Are the SSL protocols truly broken? Again?

Microsoft Security advisory KB 2588513, issued September 26, revealed that hackers can decrypt encrypted SSL traffic. But before you yank that Internet connection out of the wall, never to go online again, consider that mitigating factors make a successful attack of this kind extremely difficult to accomplish.

As detailed in Microsoft’s Security Research & Defense blog, a man-in-the-middle attacker must first place himself between you and the server with which you’re communicating — and then must be there exactly at the right time to sniff your traffic.

That said, if you’re still feeling queasy about this new danger, you have two ways to protect yourself. First, formally sign in and sign out of secured sites: don’t just close the browser when you’ve finished your session. Second, you can enable the support of TLS 1.1 and disable TLS 1.0 in Windows 7′s Internet Options (as shown in Figure 1) by using the Fixits in KB 2588513.

Article Continued Here:

This post is excerpted with permission from Windows Secrets.

Windows Secrets Newsletter

About Windows Secrets

Insider tips, authoritative how-tos, security best practices, and more. The weekly Windows Secrets Newsletter brings you essential tips for Windows, applications, and computing on the Internet.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Scan with PC Matic

Sign up for our FREE Newsletter

Our weekly newsletter is packed with computer tips & tricks.
As a bonus, receive monthly emails with exclusive offers.

Which device is the most important to you?

View Results

Loading ... Loading ...


Contributors