SSL Survey

Thread: SSL Survey

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    SSL Survey

    I'm speaking at SecTor (www.sector.ca) in Toronto next week and I'm trying to collect some data on perceptions of SSL from various target groups.

    I figured I'd post an additional survey here -- http://www.surveymonkey.com/s.aspx?s...ShsDD1NA_3d_3d

    The data will eventually be released on SSLFail.com following the conference.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,324
    SSL has been a sore subject in my organization. We had a pentest done before I was hired, and the pentesters had used a bot which was emailed to a user, and they were tricked into installing it. Once installed, it communicated over SSL using a self-signed certificate. The answer to fix that was to block access to ALL SSL sites and to permit only those that had been inspected by IT.

    As you can imagine, this caused a huge amount of overhead on the network admins as they had to check out every SSL site. All the while, there was no proxy/content inspection for normal HTTP sites and all that traffic was allowed through.

    When I saw this was happening, I was amazed that this was their answer. To me, it was just a waste of time. As it turned out, they were using a SonicWALL firewall which has SSL control, which allows you to block untrusted CAs, weak SSL ciphers, self-signed certs, etc. Then just whitelist their domain if they are OK to use. I set up this feature and implemented a Bluecoat SG Proxy with SSL inspection.

    There are several other layers that I've implemented but they have to do with antivirus/firewall and local access, so they are not relevant to this discussion.

    http://www.sonicwall.com/downloads/2...ure_Module.pdf
    http://www.bluecoat.com/news/pr/202
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
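
The allow/block logic described in post #2 (reject self-signed certificates, untrusted CAs and weak ciphers, with a domain whitelist as the override), sketched as an added example that is not part of the original thread and is not SonicWALL or Blue Coat code. The record fields, CA names, cipher markers and hostnames are constructed assumptions.

```python
"""Toy SSL-control policy: allow or block from TLS handshake metadata."""
from dataclasses import dataclass

# Constructed values for illustration; not taken from any product.
TRUSTED_CAS = {"Example Root CA"}
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "anon")
WHITELIST = {"partner.example.net"}  # domains IT has reviewed and approved


@dataclass(frozen=True)
class Handshake:
    sni: str       # hostname the client asked for
    subject: str   # leaf certificate subject
    issuer: str    # leaf certificate issuer
    root_ca: str   # CA the presented chain terminates at
    cipher: str    # negotiated cipher suite name


def violations(h: Handshake) -> list[str]:
    """Return every policy rule the handshake breaks (empty list = clean)."""
    found = []
    if h.subject == h.issuer:
        found.append("self-signed")
    elif h.root_ca not in TRUSTED_CAS:
        found.append("untrusted-ca")
    if any(marker in h.cipher for marker in WEAK_CIPHER_MARKERS):
        found.append("weak-cipher")
    return found


def decide(h: Handshake) -> tuple[str, list[str]]:
    """Block on any violation unless the domain is explicitly whitelisted."""
    broken = violations(h)
    if not broken:
        return "allow", []
    if h.sni.lower() in WHITELIST:
        return "allow-whitelisted", broken  # keep the reasons for the log
    return "block", broken


# Constructed sample handshakes.
SAMPLES = [
    Handshake("mail.example.com", "mail.example.com", "Example Issuing CA",
              "Example Root CA", "ECDHE-RSA-AES128-GCM-SHA256"),
    Handshake("unknown-host.example.org", "unknown-host.example.org",
              "unknown-host.example.org", "unknown-host.example.org", "AES256-SHA"),
    Handshake("partner.example.net", "partner.example.net",
              "partner.example.net", "partner.example.net", "AES128-SHA"),
    Handshake("old.example.com", "old.example.com", "Example Issuing CA",
              "Example Root CA", "RC4-MD5"),
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h.sni, *decide(h))
```

Returning the overridden violations for whitelisted hosts keeps a record of which approved sites still present self-signed or weak configurations.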
