In this five part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, oracles, and ...

In this five part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices, bad implementation, and oracles. Today...

In this five part blog series, I've been focusing on covering some of the attacks that have exploited various features in the SSL/TLS mechanism. We've covered general bad practices and bad implementation. Today we'll be...

Issues with SSL and TLS are seemingly commonplace these days. In my previous post, I discussed many of the vulnerabilities that I've come across in the last few years conducting software security assessments for our...

With all the SSL/TLS bugs that seem to come out every month nowadays, as a security penetration tester it's hard for me to remember which bug causes what, how hard the exploit is, and what needs to be done to fix it. Over...

Chrome Takes on Quantum Computers

by Gene Carter on July 25, 2016 at 11:36 AM

Recently, Google announced they are testing a quantum resistant cryptographic algorithm for the Chrome browser, specifically the new Canary version used for experimentation. If you are unfamiliar with quantum resistant...

The National Institute of Standards and Technology (NIST), which is part of the US Department of Commerce, recently released a Report on Post-Quantum Cryptography. In the report, they review the threat posed by quantum...

Your Best Kept Secrets Aren't Really Secrets

by Gene Carter on February 18, 2016 at 11:11 AM

"I use a FIPS-140 approved cryptographic module, so my communications are safe." This is a statement we hear quite often and it is true - as long as those communications only need to remain secret for a short time. There...

When will Quantum Computers Arrive?

by Gene Carter on January 27, 2016 at 8:44 AM

If you have been following my blogs over the past few months, you’ll know there has been a flurry of activity around quantum computing. An overwhelming consensus now exists that quantum computers of sufficient strength to...

If you have been following any of my posts over the past few months, you'll already know that there have been a flurry of recent quantum computing and quantum-resistant cryptography announcements from the NSA, Google, and...