Showing posts with label HTTPS. Show all posts

Friday, April 11, 2014

Heartbleed - A picture that tells a thousand words


20140414 Update #2
The server's private key can be obtained. This is confirmed. See here.

Update #1:
Apparently the NSA has known about this for years. Surprised? Not really...


Well explained. Picture taken from xkcd - http://xkcd.com/1354/

How bad is Heartbleed? Very bad. It affects not only HTTPS but also all other applications, servers, routers and firewalls that use OpenSSL.

We have heard all the bad news, but there is a little good news: retrieving private keys may not be that easy. This post explains it all. However, getting passwords is still easy if you are lucky (well, try a few times). There are a few websites that you can use to check if a website is vulnerable, but they don't give you the dumps. Here is the Python script that gives you the dump.
Tip: run it in debug mode.




Tuesday, January 8, 2013

Yahoo Mail is now fully HTTPS. This is how to turn it on.



Good news for loyal Yahoo Mail users like me: as of 2013 you can have a full HTTPS session when using Yahoo Mail.

Some would argue that Gmail has had it implemented since the day it was launched years ago. Anyway, it's still good news for us. Yahoo is doing all the right things after they recruited their new CEO Marissa Mayer from Google. In case you missed it, the recently updated Yahoo Mail interface is also better, faster and simpler to use.

Why HTTPS? In layman's terms, to protect your email session from malicious eyes. It's the same reason why you want your internet banking to be over HTTPS. Want to know more about HTTPS? Check out the wiki :)

So, how do you turn on HTTPS in Yahoo Mail? It's pretty simple actually. Go to Mail Options, scroll down and tick the box. See below: