Website Security Solutions | Latest Guides | Blog

OpenSSL 1.1.1k Patches for Two High-Severity Vulnerabilities

| #News

A lot can be learned about SSL/TLS by analyzing real-world bugs and the ways in which vendors patch them. This past week OpenSSL 1.1.1k was released, which corrected two high-severity bugs in the popular OpenSSL software. Specifically, CVE-2021-3450 and CVE-2021-3449 are considered to be “high” severity but not “critical” severity because while they are extremely impactful, they affect less common … [read more →]

What is SHA-256? How is Hashing used?

| #Articles

Next to encryption, hashing is perhaps the most important building block of modern cryptosystems. But what is a hash? Why is it important? How can some ways of computing a hash be better than others, and what makes a particular method suitable for cryptography? What is a hash? What do we use hashes for? What makes a hash suitable for cryptographic purposes? Testing it with OpenSSL … [read more →]

What is 256-bit Encryption? How long would it take to crack?

| #Articles

It is a peculiar thing to see, but more and more commonly terms of art make their way into the mainstream media. It seems that every week a new article about a vulnerability, cyberattack, or data breach makes its way into public discourse. One phrase used to give confidence in a strong encryption scheme is “256-bit encryption”, but what does this mean? What is Encryption? What is a Key Size? H… [read more →]

DDOS Attacks: A game of cat and mouse

| #Articles

What is a DDOS Attack? How can it be prevented? How often does this sort of thing happen? How do attackers get their hands on so much bandwidth? What can I do? What is a DDOS Attack? A distributed-denial-of-service (DDOS) attack occurs when a service provider is intentionally overwhelmed at the network layer by a large volume of requests. These requests might consist of normal traffic… [read more →]

Let's Encrypt becoming untrusted in 2021 for some

| #Articles

Let’s Encrypt is a fairly popular service offering free SSL/TLS certificates to those who are uninterested in the value-add of traditional certificate resellers. Historically, this CA has partnered with IdenTrust to provide this service as it has existed in the root stores of client machines for many years. Let’s Encrypt’s strategy was twofold: their certificates were signed by their own CA while… [read more →]