ARRA HIPAA BREACH TLS |
| 2009-05-09 | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
ARRA |
| 2022-03-11/a> | Xavier Mertens | Keep an Eye on WebSockets |
| 2009-06-06/a> | Patrick Nolan | ARRA/HIPAA Breach Reporting Dates Approaching |
| 2009-05-09/a> | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
HIPAA |
| 2012-05-31/a> | Johannes Ullrich | SCADA@Home: Your health is no secret no more! |
| 2009-06-06/a> | Patrick Nolan | ARRA/HIPAA Breach Reporting Dates Approaching |
| 2009-05-09/a> | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
BREACH |
| 2023-09-02/a> | Jesse La Grew | What is the origin of passwords submitted to honeypots? |
| 2016-09-22/a> | Rick Wanner | YAHDD! (Yet another HUGE data Breach!) |
| 2016-08-31/a> | Deborah Hale | Dropbox Breach |
| 2015-04-08/a> | Tom Webb | Is it a breach or not? |
| 2015-03-21/a> | Russell Eubanks | Have you seen my personal information? It has been lost. Again. |
| 2014-12-01/a> | Guy Bruneau | Do you have a Data Breach Response Plan? |
| 2014-08-23/a> | Guy Bruneau | NSS Labs Cyber Resilience Report |
| 2014-06-13/a> | Richard Porter | A welcomed response, PF Chang's |
| 2013-12-21/a> | Daniel Wesemann | Adobe phishing underway |
| 2013-10-05/a> | Richard Porter | Adobe Breach Notification, Notifications? |
| 2013-10-04/a> | Johannes Ullrich | The Adobe Breach FAQ |
| 2013-07-22/a> | Johannes Ullrich | Apple Developer Site Breach |
| 2013-07-21/a> | Guy Bruneau | Ubuntu Forums Security Breach |
| 2013-02-22/a> | Johannes Ullrich | Zendesk breach affects Tumblr/Pinterest/Twitter |
| 2013-01-04/a> | Daniel Wesemann | Blue for Reset? |
| 2012-11-22/a> | Kevin Liston | Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks |
| 2012-07-16/a> | Jim Clausing | An analysis of the Yahoo! passwords |
| 2012-06-06/a> | Jim Clausing | Potential leak of 6.5+ million LinkedIn password hashes |
| 2012-01-16/a> | Kevin Shortt | Zappos Breached |
| 2011-09-15/a> | Swa Frantzen | DigiNotar looses their accreditation for qualified certificates |
| 2011-09-07/a> | Lenny Zeltser | GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach |
| 2011-09-06/a> | Swa Frantzen | DigiNotar audit - intermediate report available |
| 2011-09-01/a> | Swa Frantzen | DigiNotar breach - the story so far |
| 2011-06-21/a> | Chris Mohan | StartSSL, a web authentication authority, suspend services after a security breach |
| 2011-05-30/a> | Johannes Ullrich | Lockheed Martin and RSA Tokens |
| 2011-05-25/a> | Lenny Zeltser | Monitoring Social Media for Security References to Your Organization |
| 2011-04-28/a> | Chris Mohan | DSL Reports advise 9,000 accounts were compromised |
| 2011-04-20/a> | Daniel Wesemann | Data Breach Investigations Report published by Verizon |
| 2011-04-04/a> | Mark Hofman | When your service provider has a breach |
| 2011-03-25/a> | Rob VandenBrink | The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet) |
| 2010-12-28/a> | John Bambenek | Mozilla Notifies of Relatively Minor Security Breach |
| 2010-07-29/a> | Rob VandenBrink | The 2010 Verizon Data Breach Report is Out |
| 2010-06-10/a> | Deborah Hale | iPad Owners Exposed |
| 2010-04-13/a> | Johannes Ullrich | Apache.org Bugtracker Breach |
| 2009-07-28/a> | Adrien de Beaupre | YYAMCCBA |
| 2009-07-23/a> | John Bambenek | Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information |
| 2009-06-06/a> | Patrick Nolan | ARRA/HIPAA Breach Reporting Dates Approaching |
| 2009-05-09/a> | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
| 2009-05-05/a> | Bojan Zdrnja | Health database breached |
| 2009-04-24/a> | John Bambenek | Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws |
| 2009-04-15/a> | Marcus Sachs | 2009 Data Breach Investigation Report |
| 2009-02-08/a> | Mari Nichols | Are we becoming desensitized to data breaches? |
| 2009-01-30/a> | Mark Hofman | We all "Love" USB drives |
TLS |
| 2025-02-07/a> | Jan Kopriva | SSL 2.0 turns 30 this Sunday... Perhaps the time has come to let it die? |
| 2023-04-13/a> | Johannes Ullrich | HTTP: What's Left of it and the OCSP Problem |
| 2022-07-06/a> | Johannes Ullrich | How Many SANs are Insane? |
| 2022-05-12/a> | Rob VandenBrink | When Get-WebRequest Fails You |
| 2022-02-14/a> | Johannes Ullrich | Reminder: Decoding TLS Client Hellos to non TLS servers |
| 2021-09-28/a> | Jan Kopriva | TLS 1.3 and SSL - the current state of affairs |
| 2021-04-16/a> | Xavier Mertens | HTTPS Support for All Internal Services |
| 2021-04-15/a> | Johannes Ullrich | Why and How You Should be Using an Internal Certificate Authority |
| 2021-03-30/a> | Jan Kopriva | Old TLS versions - gone, but not forgotten... well, not really "gone" either |
| 2020-12-30/a> | Jan Kopriva | TLS 1.3 is now supported by about 1 in every 5 HTTPS servers |
| 2020-12-19/a> | Guy Bruneau | Secure Communication using TLS in Elasticsearch |
| 2020-09-09/a> | Johannes Ullrich | A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!) |
| 2019-12-13/a> | Jan Kopriva | Internet banking sites and their use of TLS... and SSLv3... and SSLv2?! |
| 2019-10-22/a> | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers |
| 2019-10-21/a> | Jim Clausing | What's up with TCP 853 (DNS over TLS)? |
| 2019-08-07/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 2) |
| 2019-07-23/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 1) |
| 2019-04-13/a> | Johannes Ullrich | Configuring MTA-STS and TLS Reporting For Your Domain |
| 2018-08-10/a> | Remco Verhoef | Hunting SSL/TLS clients using JA3 |
| 2018-01-22/a> | Didier Stevens | HTTPS on every port? |
| 2017-05-30/a> | Johannes Ullrich | FreeRadius Authentication Bypass |
| 2017-03-08/a> | Richard Porter | What is really being proxied? |
| 2017-03-01/a> | Bojan Zdrnja | SSL/TLS on port 389. Say what? |
| 2016-07-05/a> | Johannes Ullrich | Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979) |
| 2016-01-08/a> | Mark Hofman | SLOTH, attack on TLS using MD5 |
| 2015-05-20/a> | Brad Duncan | Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS |
| 2015-02-11/a> | Johannes Ullrich | Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL) |
| 2014-08-11/a> | Bojan Zdrnja | Verifying preferred SSL/TLS ciphers with Nmap |
| 2014-06-12/a> | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-03-04/a> | Daniel Wesemann | Triple Handshake Cookie Cutter |
| 2011-09-22/a> | Rob VandenBrink | TLS 1.2 - Look before you Leap ! |
| 2011-09-20/a> | Kevin Liston | SSL/TLS Vulnerability Details to be Released Friday |
| 2011-07-10/a> | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations |
| 2010-07-23/a> | Mark Hofman | A bit old, however CISCO has updated the November 2009 TLS renegotiation vulnerability with additional vulnerable products and patch information. More details here http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml |
| 2010-04-25/a> | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using Openssl |
| 2010-02-10/a> | Marcus Sachs | Vulnerability in TLS/SSL Could Allow Spoofing |
| 2009-11-13/a> | Adrien de Beaupre | TLS & SSLv3 renegotiation vulnerability explained |
| 2009-11-06/a> | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l |
| 2009-11-05/a> | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public |
| 2009-10-16/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener |
| 2009-05-09/a> | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
