Internet Insecure Without TLS

by

The latest shoe to drop for Internet security?

http://lgms.nl/blog-2   Luc Gommans, a student at Roermond, Netherlands.

Although he is also working at HBO Software Engineering and
Cyber Security.

 

Has put together a test for the most basic connection of the Internet…  a TCP handshake test.

lucgommanstcphandshake

 

He goes on to explain a Man in the middle attack which he calls a Faking the TCP handshake.

True Luc, Internet technology is not secure by default.  One has to use secure encryption technologies (like TLS)

 

And for some it may not work correctly:

As you notice in the following:

“Your connection to www.chase.com is encrypted with obsolete technology”

chasenotverified

 

from an old blog post:

http://oversitesentry.com/bank-website-not-verified-says-chrome/

 

And as you may know from our

http://oversitesentry.com/ssl-security-is-no-longer-pci-compliant/

ssl_certificate_hacked

Standard SSL is no longer compliant and can be relatively easy to hack.

 

So…  even encryption does not ensure security – so the technologies you use must be tested.

 

http://oversitesentry.com/contact-us/

3 thoughts on “Internet Insecure Without TLS”

  1. Pingback: “New” PCI Compliance v3.2 now published – Oversite Sentry
  2. Pingback: Why Are we in a Big Cybersecurity Mess? – Explaining Security
  3. Pingback: Achieve True Privacy Protections – Explaining Security

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.