Getting Ready for 2016: SHA-2 (SHA256) Certificates and Apache

It seems Google has declared SHA-1 encryption insecure. Chrome now complains about sites using this protocol for secure (https) connections. From what I understand, certificates and servers should be upgraded before 2016 in order to be viewable by Chrome users. Once again, I turned to Qualys SSL Labs for help. Their SSL Server Test is … Read more

Google: Once again, WTF?

I just noticed that Google Chrome for Windows now installs a plugin to Firefox called Google Updater. WTF is this? It’s bad enough that Chrome acts like malware and installs in the Windows User’s directory under \AppData\Local\, but why are you infecting my Firefox? Is your software so inherently insecure that it must depend on … Read more

The POODLE bytes: Taming the Dog

Just yesterday, my supervisor forwarded me an email about the SSLv3 POODLE attack, and asked me if our servers were secured against this issue. I was forced to admit that I had never heard of POODLE, but that I’d do some research and get back to her. I Googled around a bit and found a … Read more