|
|
|
PHP, Python and Google Go Fail To Detect Revoked TLS Certificates |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : An anonymous reader writes Four years after the release of a groundbreaking study on the state of SSL TLS certificates in non-browser applications APIs to be exact , some programming languages fail to provide developers with the appropriate tools to validate certificates. Using three simple test scripts connected to a list of known vulnerable HTTPS servers, researchers logged their results to see which programming languages detected any problems. According to the results, all tested programming languages PHP, Python, Go , in various configurations, failed to detect HTTPS connections that used revoked SSL TLS certificates. This is a problem for HTTPS-protected APIs since users aren't visually warned, like in browsers, that they're on an insecure connection. PHP, Python, and Google Go perform no revocation checks by default, neither does the cURL library. If the certificate was compromised and revoked by the owner, you will never know about it, noted Sucuri's Peter Kankowski. Share on Google Read more of this story at Slashdot.
Les mots clés de la revue de presse pour cet article : python google
Les videos sur SecuObs pour les mots clés : python google
Les mots clés pour les articles publiés sur SecuObs : google
Les éléments de la revue Twitter pour les mots clé : python google
Les derniers articles du site "Slashdot Your Rights Online" :
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- City Installs Traffic Lights In Sidewalks For Smartphone Users
- Tesla Will Install More Energy Storage With SolarCity In 2016 Than The US Installed In 2015
- Symantec Cruz and Kasich Campaign Apps May Expose Sensitive Data
- New 'Tunneling' State of Water Molecules Discovered by Scientists
- Your Pay Is About To Go Up
- Software Audits How High-Tech Software Vendors Play Hardball
- Swedish ISP Vows to Protect Users From a Piracy Witch Hunt
- US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay
- Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption By 7 Years
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
