Website Security Solutions | Latest Guides | Blog

Understanding Password Managers and why to use them

| #Articles

In today's digitalised operations, businesses heavily depend on various online functionalities. Most, if not all, of these functionalities are password-protected. While passwords are crucial for securing digital assets, the sheer number of passwords individuals or businesses must manage can pose overwhelming challenges. Effectively managing these login credentials is vital for maintaining… [read more →]

A Guide to the Australian Information Security Manual (ISM)

| #Articles

In today's interconnected world, information security has become a critical concern for organisations of all sizes in all industries. Safeguarding valuable information assets and ensuring their confidentiality, integrity, and availability is paramount to establishing and maintaining trust with stakeholders while mitigating cyber threats' risks. Australian organisations recognise the importance of… [read more →]

Understanding Zero Trust. What is it?

| #Articles

In today's digital age, cyber security threats are becoming more and more subtle, and traditional security measures are no longer enough to protect your business data. That's where Zero Trust comes in; a revolutionary approach to cybersecurity that can help you safeguard your sensitive information from all angles. In this blog post, we'll explore what Zero Trust is, how it works,… [read more →]

How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error

| #Articles

Whenever you attempt to access a website with an SSL certificate installed - which is (or ought to be) every website - an operation known as the SSL handshake takes place. During this short period of time, the SSL certificate in question does its job and establishes a safe web server connection between the host (website) and the client (your device). In some cases, however, the … [read more →]

How to Fix the SSL_ERROR_RX_RECORD_TOO_LONG Error

| #Articles

Over the years, Mozilla Firefox has proven itself to be a fast, lightweight, and reliable alternative to Google's own Chrome browser. While it's certainly a stellar tool and an excellent choice for any profile of user, the Firefox browser comes with its own set of error message alerts, warnings, and pop-ups that don't necessarily overlap with any other web browser. The infamous… [read more →]

How to Fix NET::ERR_CERT_DATE_INVALID Error

| #Articles

Also known as the "your connection isn't private" error, net:err_cert_date_invalid is a relatively common SSL certificate error message similar to the err_ssl_protocol_error message we previously discussed. It comes in a few variations - depending on the specifics causing the problem in the first place - and it signifies a failure to load the website correctly. What is… [read more →]

How to Fix ERR_SSL_PROTOCOL_ERROR in Google Chrome

| #Articles

Whether you read up on them or just ignore them, web browsing errors are indeed a thing, and sometimes they can come up without much in the way of rhyme or reason. Or, at least, that's what it might look like at a glance. An error message is, after all, caused by an error of some sort, and looking into it should be a given. One of the most common SSL connection error examples,… [read more →]

Major Website Security Breaches You Need to Know About

| #Articles

Major website security breaches are, sadly, more common than most users might imagine. Here are a few of them that you might not have heard about! Data breaches are a common concern in this day and age. Depending on how prominent your business is on the Internet, odds are good that some malicious elements would love to breach your security and extract as… [read more →]

Establish a Hybrid Workplace Model with SSLTrust

| #Articles

Attempting to establish a hybrid workplace but have security concerns? Fret not: SSLTrust can help you successfully navigate this complex issue. It's difficult to overstate the sheer disruption of the world that was brought about by COVID-19. It feels like the pandemic led to changes both big and small in virtually every aspect of daily life, and it's particularly… [read more →]

How SSL Certificates Boost Your Domain Trustworthiness

| #Articles

It's widely recognized that SSL certs boost your domain trustworthiness, but how does that work? Learn the important beats, quick and easy! As oblique as it might sound at first, domain trust is the single most important signifier of a website's value in the given search engine result pages. Search engines grade domains depending on the perceived amount of… [read more →]

Reasons to Get SSL Certificates: The What And Why

| #Articles

Not sure if you need an SSL certificate for your website? Here are some extremely convincing reasons to get SSL certificates, and fast! As ubiquitous as SSL certificates might be in this day and age, quantifying their specific boons isn't always easy. An ideal SSL certificate doesn't really make itself known, after all, and an SSL certificate's… [read more →]

SSL/TLS best practices

| #Articles

Don’t worry about ciphers… if you’re using TLS 1.3. If you’re in the enviable position to be fully in control of your endpoints, TLS 1.3 is secure by default. The protocol deprecates a lot of technologies supported in earlier protocols solely for backwards compatibility. Additionally, in earlier versions of TLS, your cipher list had to be carefully curated in order to support perfect forward secrecy… [read more →]

Domain Hijacking and Strategies to Protect Yourself From Attacks

| #Articles

The visibility and overall success of any business with an online presence start with a good domain name. Unique, tailored, and specific domain names intuitively drive consumers and potential customers alike to a product or service. Once a business has secured a domain, they should fight tooth and nail to keep it, lest they subject themselves to a lengthy (and costly) rebranding exercise. Anyone… [read more →]

Best Practices For Securing Your SaaS

| #Articles

Over the past decade or so, software as a service has become a ubiquitous licensing and delivery model that has innumerable practical boons both for the end-user and for the developer. Much as is the case with virtually any other licensing model, however, there are faults to it, and some of them are endemic to the fact that SaaS providers need to rely on some sort of a centralised hosting system… [read more →]

Alternatives to OpenSSL

| #Articles

For more than 20 years, OpenSSL has been the most widely used SSL/TLS library for cryptographic purposes in software applications. OpenSSL itself was a fork of the SSLeay project, now defunct. OpenSSL is free and open source, which is a huge boon for a library serving as the backbone of a secure internet. While OpenSSL is by far the most prolific way of handling cryptography from within… [read more →]

Cyber Security: Is it an ideal career path?

| #Articles

Cybersecurity has become an important part of every organization’s data security strategy, and since its application has only increased, the demand for trained and experienced cybersecurity professionals has also grown rapidly. Even though there are many job opportunities available in this ever-evolving field, there are many who are skeptical about whether cybersecurity is the right career c… [read more →]

What is a Certificate Authority? An easy to read guide

| #Articles

Domain certification is one of the chief concerns of a contemporary webmaster, but the SSL certificates we use on a daily basis don't appear out of thin air. Every modern SSL certificate is made by a trusted certificate authority (or certification authority) - a company that specialises in PKI and the production of digital certificates. With this article, we aim to explain what is a… [read more →]

What is SSL? An easy to read guide

| #Articles

SSL stands for Secure Sockets Layer, and it is the underlying technology used to protect a web server from potentially malicious actors and actions - through the use of cryptography. With this article, we'll attempt to dispel some false notions about SSL certificates, and explain in the simplest terms possible what SSL is, how it relates to TLS or Transport Layer Security, and what … [read more →]

An Easy Overview of the Essential 8

| #Articles

News came out in 2021 about the Australian Government mandating the Essential 8 cyber security controls for all non-corporate Commonwealth entities. This is scheduled to be put into practice starting June 2022, with a compliance audit every 5 years. What are the Essential 8? The Essential 8 is a list of strategies recommended by the Australian Cyber Security Centre (ACSC) to mitigate targeted… [read more →]

TLS vs SSL - What Are The Differences?

| #Articles

As the importance of SSL certificates and cryptographic protocols at large begins to soar, and live security flaws become an ever-more-prominent issue with businesses' and individuals' respective online presences, the notion of security awareness has begun to crystallize, too. Namely, exposing security flaws such as deprecated SSL protocols, private key breaches, and web… [read more →]

Exploring Fully Homomorphic Encryption

| #Articles

Fully Homomorphic Encryption (FHE) is the act of operating on an encrypted dataset without first decrypting it. FHE seems at first to be a very abstract concept, but once implemented it is both practical and lucrative. The classical example of its practicality is the ability to send encrypted data to a cloud-based provider whose vast resources are at your disposal on a demand-consumption pricing… [read more →]

Australia's Biggest Security Breaches in 2021

| #Articles

Australian companies and individuals are being hit with cyber-attacks and scams daily. As our world relies more heavily on digital technology, we are experiencing a rapid growth in attacks and breaches. Technology is always changing, and so are the attacks. As a result of the COVID-19 pandemic we have experienced skyrocketing growth in the digital world. Many things that were never… [read more →]

OpenSSL 3.0: What you should know

| #Articles

OpenSSL 3.0 has been released, and with it there are some notable changes to the popular library used almost everywhere for implementing SSL/TLS. As of now, the OpenSSL 1.1.1 branch is still under active development, so while it’s worth evaluating the lift to upgrade your applications, as of yet there is no urgency. In fact, OpenSSL 1.1.1 was designated an LTS release, and will receive security f… [read more →]

How to get a job in Cyber Security

| #Articles

So, you want a job in cyber security? It can be daunting trying to land your first job in a new industry, whether it’s a career change, your first job out of high school, or getting work in the industry while at university. The cyber-security industry is an exponentially growing field of work not just in Australia but on a global scale. There aren’t enough professionals in the field to meet this dem… [read more →]

How do Cyber Criminals hack and steal your account details?

| #Articles

Hackers are smart and lazy. Who would want to sit at a computer all day typing away guessing passwords? Not me. They say that lazy people are often the innovators of our society, thinking of ways to do things that require minimal time and effort. Over the decades, hackers have been sharing and developing their methods and refining their tools to take over user accounts. Nowadays it is extremely… [read more →]

How to have Strong Passwords - A Quick Guide

| #Articles

Do you use the same password for everything? If yes, then read on. If you use the same password for everything, this article is for you. Your passwords are the digital keys to all your information such as your banking details, contacts, messages, photos, address, and more. They hold so much power in protecting our personal information, yet most people, probably including yourself, have a… [read more →]

What is FIPS compliance?

| #Articles

FIPS (Federal Information Processing Standard) is a set of requirements asserted by NIST in order to centralize and make uniform the ways in which the US government manages the risks associated with securing and transporting sensitive information. FIPS came into existence as part of the larger FISMA legislation in 2002, and quickly became a commonly imitated framework for information security in… [read more →]

Considering Full Disk Encryption? What to know.

| #Articles

Full Disk Encryption (FDE) refers to the practice of encrypting a device (laptop, cell phone, etc.) at rest. Decryption is performed at boot time, relying on user input, a cryptographic key stored in hardware, or a combination of both. FDE is an important part of defense-in-depth, as the protection schemes employed by typical operating systems are only enforced when the operating system is running.… [read more →]

How to choose the right encryption

| #Articles

It can be very difficult to bridge the gap between the theoretical and the practical. This is a pattern I’ve seen repeat itself again and again throughout my career – someone might be very technical, and very familiar with encryption, but when it comes time to solve a real-world business problem as a developer or a systems administrator, that knowledge doesn’t always translate to something defen… [read more →]

PBKDF2: Password Based Key Derivation

| #Articles

PBKDF2, defined in RFC 2898, is a specific Key Derivation Function (KDF). A KDF is simply any mechanism for taking a password (something a user remembers or stores in a password manager) and turning it into a symmetric key suitable for cryptographic operations (e.g., AES). It turns out that this approach is extremely handy for a variety of use cases. However, it is also not without its flaws. … [read more →]

Certificate Revocation, How it Works with CRLs or OCSP

| #Articles

Certificate Revocation refers to the act of canceling a signed certificate before its expiration date. This can be done due to private key compromise, retirement of a service, or various administrative reasons. There are many different approaches for verifying that a certificate is still in good standing, and often a combination is used in order to provide fault tolerance. Certificate… [read more →]

Encryption vs Hashing: What’s the difference?

| #Articles

Both Encryption and Hashing are fundamental building blocks of cryptosystems. When it comes to best practices for storing credentials in your application however, best practice is largely driven by what you’re trying to do. There are a lot of well-meaning security professionals who elect an extremely dogmatic stance: “Encrypting passwords is bad! You must hash them”. This is usually true, except when … [read more →]

What Is SNI? Encrypted SNI (ESNI and ECH)

| #Articles

When a piece of server software wants to make itself available to clients via the network, it binds to a socket. A socket is simply the IP address and port combination the server software listens on for connections. (Most commonly, server software chooses to listen on a particular port across all available network interfaces.) What happens though if a particular server wants to serve multiple,… [read more →]

What is SHA-256? How is Hashing used?

| #Articles

Next to encryption, hashing is perhaps the most important building block of modern cryptosystems. But what is a hash? Why is it important? How can some ways of computing a hash be better than others, and what makes a particular method suitable for cryptography? What is a hash? What do we use hashes for? What makes a hash suitable for cryptographic purposes? Testing it with OpenSSL … [read more →]

What is 256-bit Encryption? How long would it take to crack?

| #Articles

It is a peculiar thing to see, but more and more commonly terms of art make their way into the mainstream media. It seems that every week a new article about a vulnerability, cyberattack, or data breach makes its way into public discourse. One phrase used to give confidence in a strong encryption scheme is “256-bit encryption”, but what does this mean? What is Encryption? What is a Key Size? H… [read more →]

DDOS Attacks: A game of cat and mouse

| #Articles

What is a DDOS Attack? How can it be prevented? How often does this sort of thing happen? How do attackers get their hands on so much bandwidth? What can I do? What is a DDOS Attack? A distributed-denial-of-service (DDOS) attack occurs when a service provider is intentionally overwhelmed at the network layer by a large volume of requests. These requests might consist of normal traffic… [read more →]

SSL/TLS and captive portals

| #Articles

What is a captive portal? Have you ever used public internet at an airport or a coffee shop? Perhaps you have to accept terms of service before being granted access to the Wi-Fi at your place of work? If so, chances are that you’ve used a captive portal – possibly without knowing it! Captive portals are a legitimate means of grabbing the user's attention, either to force them to accept terms of ser… [read more →]

Let's Encrypt becoming untrusted in 2021 for some

| #Articles

Let’s Encrypt is a fairly popular service offering free SSL/TLS certificates to those who are uninterested in the value-add of traditional certificate resellers. Historically, this CA has partnered with IdenTrust to provide this service, as IdenTrust has existed in the root stores of client machines for many years. Let’s Encrypt’s strategy was twofold: their certificates were signed by their own CA while… [read more →]

A Quick Guide to Understanding Ransomware

| #Articles

One of the biggest threats to any organisation today is a ransomware attack. Bad actors, through the use of purpose-built software, infiltrate a computer network and take data hostage. This kind of attack can affect companies big and small, in every sector. So much of what we do depends on technology. Imagine if a company providing an online service could no longer provide that service to its… [read more →]

Understanding the SSL/TLS Raccoon Attack

| #Articles

It’s that time again. As protocols mature, inevitably security vulnerabilities lurking beneath the surface are uncovered by security professionals. The so-called “Raccoon” vulnerability is unusual, however, in that it affects TLS 1.2, arguably the most secure version of SSL/TLS to be using today. Some sensationalists describe this as the “Heartbleed of 2020”, while other researchers contend that this vuln… [read more →]

Understanding Certificate Cross-Signing

| #Articles

Certificate Cross-Signing is a nuance of PKI which is often poorly understood. This topic is particularly salient as of late, as a long-lived root certificate managed by Sectigo (formerly Comodo) expired, causing many unexpected problems for many legacy systems worldwide. But how can certificate expiration lead to service downtime? Who is responsible for being aware that this can happen? How can… [read more →]

When to use a Wildcard SSL Certificate

| #Articles

SSL/TLS uses X.509 certificates to secure digital communications. These certificates are bound to a particular DNS name and signed by a Certificate Authority. Browsers attempt to validate the certificate by chaining back to a root certificate in their root certificate store. If a website does not have an SSL/TLS certificate installed that matches the DNS name by which it was accessed, it is an… [read more →]

Let’s Encrypt Revokes 3 Million Certificates

| #Articles

On Friday February 28th, Let’s Encrypt made the tough decision to revoke over 3 million certificates they had issued due to a bug in the software they use to validate CAA records. This gave companies relying on Let’s Encrypt under a week to replace these certificates on their endpoints. While this procedure did not necessarily require downtime (depending on the specific server configuration) it did… [read more →]

Zero-Day Vulnerabilities and their Impact on Business

| #Articles #Security

Computer system vulnerabilities are a serious security issue that can find their way onto our computers through harmless browsing activities. This can be as simple as visiting a website, clicking on a compromised message or downloading software with compromised security protocols. Malware that exploits and infects our systems exposes them, giving hackers unauthorized control. The system becomes… [read more →]

TLS 1.3, HTTP/3 and DNS over TLS - 2019 Highlights

| #Articles #Security

2019 has been a big year for digital cryptography. The privacy minded should be very excited about changes on the horizon. Specifically, some of the biggest changes around the corner are: TLS 1.3, HTTP/3, and widespread support for DNS over TLS. TLS 1.3: RFC 8446 finalized the specification of TLS 1.3. With it come faster connection times, deprecation of insecure ciphers, simplified negotiation of… [read more →]

The Future of the Australian CyberSecurity Strategy

| #Articles #Security

Cyber Security Discussion Paper Australia's Cybersecurity Concerns Improving Australia’s Cybersecurity Strategy / Building Alliances Joint Working Group with India Cybersecurity Framework Cyber Security Discussion Paper Australia launched its first Cybersecurity strategy back in 2016. This new cybersecurity model was set to last from 2016 through 2020. Earlier this month ASPI’s International Cyb… [read more →]

The Quick Guide to Ransom Attacks

| #Articles #Security

What is Ransomware and Ransom Attacks? How does it work? A History of Ransom Attacks. Types of Ransomware. How to Protect Against Ransom Attacks? What to do if you are affected by ransomware encryption. What is Ransomware and Ransom Attacks? Ransomware is malicious software that blocks or denies access to a computer system or data until a ransom is paid by the victim. A ransom usually has a… [read more →]

The Quick and Easy Guide to PCI Compliance

| #Articles #Security

What is it PCI Compliance? Who is it for? 4 Levels of PCI Compliance Why do we need it? PCI Compliance Requirements Firewall Change IDs and Passwords Protect cardholder data-at-rest Protect cardholder data-in-transit AntiVirus Develop and Maintain secure systems and applications Restrict access to Data Unique ID and Authentication Restrict… [read more →]

Cloud Computing, Recent Hacks and Security Risks of 2019

| #Articles #Hacks #Security

What is Cloud Computing? Cloud Computing Risks Lack of Control and Availability Data Security Lost Data The Capital One Data Breach Cloud Computing Hack affects PCM Is Cloud Computing Worth it? What is Cloud Computing? Cloud computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a… [read more →]

Route Poisoning: Why we need SSL/TLS

| #Articles

SSL/TLS is the bedrock of modern security. Just about all security strategies involve it or chain back to it at some point. At its core, the contract is this: something encrypted with a user’s public key can only be decrypted by the corresponding private key, and something encrypted with the user’s private key can only be decrypted by the corresponding public key. From this we derive digital sig… [read more →]