Tuesday, December 30, 2014

Little Universal Network Appliance (LUNA)

This came across our desk at Canada Cyber, and we thought we should share it with you. This is a great project.

A very small device, and I mean small: LUNA.


The thing we are excited about is the Netflow and the Wireshark features. Having the ability to plug this (LUNA) guy in and get traffic right away is great, as currently at Canada Cyber our smallest device looks something like a router running custom Linux.

As a security firm, we would look at the top 3 features:

Capability to serve as a gateway or bridge for applications, such as:
- network flow sensor
- remote Wireshark sensor
- VoIP logger
- TOR gateway
- multiple control boxes on a single network wire
- small VPN gateway
- network traffic generator/analyzer, and
- a plethora of other open source applications (Note: Backers with Unix development skills are also encouraged to write their own software for LUNA and share it with the community via our corporate website.)

To get more info on this please visit https://www.kickstarter.com/projects/wawtechnologies/luna-little-universal-network-appliance

Ref: http://www.wawtechnologies.com/

Friday, December 5, 2014

Minister Blaney Highlights Canada's Role in the Global Fight Against Terrorism and Cyber Threats




MONTRÉAL, QUÉBEC--(Marketwired - Dec. 5, 2014) - The
Honourable Steven Blaney, Canada's Minister of Public Safety and
Emergency Preparedness, released a statement following a speech today on
national security to the Montréal Council on Foreign Relations:


"We live in an increasingly global and interconnected world,
and as such, we must take a more outward and global view in many domains
- and national security is no exception. Of the national security
challenges facing our nation, none are more pressing than terrorism and
cyber security.


Our Government is taking decisive action to address the evolving threat of terrorism. On October 27, 2014 I introduced the Protection of Canada from Terrorists Act that contained targeted amendments to the CSIS Act to ensure CSIS has the tools it needs to investigate threats to the security of Canada and ensure our safety and security.


Canada's Counter-terrorism Strategy
sets out a clear approach for addressing terrorism, with a focus on
building community resilience. These measures demonstrate our
Government's continued commitment to do what is necessary to prevent
terrorists and violent extremists from carrying out attacks against
Canadians.


Every sector of society has an important role to play in
keeping Canada safe from cyber threats. That is precisely why our
Government is working so diligently to raise awareness among Canadians
about cyber security and how important it is to protect themselves
online.


Canada's Cyber Security Strategy outlines the Government's commitment to keep Canadians safe in cyberspace. Successful implementation of this Strategy depends
on partnerships with other governments and industry to ensure the
resilience of cyber systems vital to Canadian security and economic
prosperity.


A key component of the Strategy, Get Cyber Safe, was created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.


We continue to work in close partnership with our
international allies as we face similar national security threats. Our
Government remains unwavering in its commitment to protect the safety
and security of Canadians."


For more information, please visit the Public Safety Canada website at www.publicsafety.gc.ca.


Follow Public Safety Canada (@Safety_Canada) and Get Cyber Safe (@getcybersafe) on Twitter.

Sunday, November 23, 2014

Canada's capital website Hacked. Ottawa.


Ottawa police, Supreme Court websites were also shut down after possible hack



A hacker group claimed responsibility after the websites of the Ottawa police department and the Supreme Court of Canada flashed offline Saturday evening, one day after the same group allegedly shut down the City of Ottawa’s website.
The Ottawa Police Service’s website stopped responding around 6:30 p.m., with visitors attempting to reach the site greeted by a blank page with an error message. The Supreme Court of Canada's website shut down the same way shortly after.
A Twitter account under the name Aerith claimed responsibility for the website malfunctions. 
"We'll start by taking OttawaPolice.ca offline, just to annoy them," it tweeted just after 6 p.m.
Ottawa police could not immediately confirm whether its website was hacked but told CBC News they are currently investigating.
"This is just the start," Aerith said in a message posted to an online forum. "We will not rest, we have already hacked Ottawa police's mail server, stolen all email logs incoming and outgoing."
CBC News could not immediately confirm who authored the message or its authenticity.
Aerith said Friday it hacked the City of Ottawa website. For about an hour, the site displayed the name of an Ottawa police officer involved in the investigation of an area teen who allegedly called in fake emergencies across North America, prompting police departments to deploy SWAT teams. The practice is often called “swatting.”
Const. Joel Demore’s name was shown alongside a dancing banana and the message: “Joel Demore: You laugh at us, you are scared of us, does this help your laughing?" the hacked website read. "We can destroy everything, this is a flex of our power. Please, test us. You know what we want."

http://www.cbc.ca/news/canada/ottawa/ottawa-police-supreme-court-websites-shut-down-after-possible-hack-1.2846079

Tuesday, November 18, 2014

Hackers attacked the U.S. energy grid 79 times this year

NEW YORK (CNNMoney)

The nation's energy grid is constantly under attack by hackers.

In fiscal year 2014, there were 79 hacking incidents at energy companies that were investigated by the Computer Emergency Readiness Team, a division of the Department of Homeland Security. There were 145 incidents the previous year.
The outermost defenses aren't holding up. Between April 2013 and 2014, hackers managed to break into 37% of energy companies, according to a survey by ThreatTrack Security.
Cybersecurity firm FireEye (FEYE) identified nearly 50 types of malware that specifically target energy companies in 2013 alone, according to its annual report. Energy firms get hit with more spy malware than other industries, according to a 2014 study by Verizon (VZ, Tech30).

Wednesday, November 12, 2014

U.S. weather system hacked, affecting satellites




NEW YORK (CNNMoney)

Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds and several pivotal websites.

The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services.
This explains why satellite data was mysteriously cut off in October, as well as why the National Ice Center website and others were down for more than a week. During that time, federal officials merely stated a need for "unscheduled maintenance."
Still, NOAA spokesman Scott Smullen insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public."

Sunday, November 2, 2014

Top 100 Cyber Security and Privacy Tips

In celebration of the 100th post on Security Generation, I’ve decided that a list of 100 security and privacy tips would be appropriate. The tips start off basic then get a bit more complex, and cover a range of areas from general computer and information security, to safe web browsing, email security and privacy. Thanks to everyone who’s been visiting (and to those who are following on Twitter), I hope to keep bringing you useful and interesting content into 2011. Feel free to share this with others, and suggest any other tips that you think I may have missed out! Let’s kick off the 100 Security Tips, enjoy:
  1. Keep informed of current events in security by reading (or listening to) relevant security news
  2. Always be aware and alert for threats, and adjust your security to fit your current environment
  3. Be skeptical (not paranoid), and use common sense
  4. Ask for help or information if you’re ever suspicious or unsure about something
  5. Help educate others about good security practices, and point them to useful resources
  6. Regularly patch your system, browsers, and other software and mobile devices when updates are available
  7. If you use antivirus, and you probably should, update the signatures hourly at a minimum
  8. Don’t use an Administrator (root) account for day-to-day use. Set yourself up a standard user account
  9. Use good, strong passwords with a minimum of 8 characters
  10. Do not use “password”, abc123, 12345, qwerty, your username, any dictionary word, or any derivatives of these as your password!
  11. Use a good password generator if it helps
  12. Don’t re-use passwords, especially for important sites or services, and avoid copy & pasting password as these can remain on the clipboard
  13. Change your important passwords regularly (add yourself a calendar reminder every 6 months or so)
  14. Don’t share your passwords with others
  15. Don’t write down your password, and if you must, don’t write down what it’s for or its associated username (destroy it when you no longer need it). Do NOT stick the login password to your computer onto your monitor, underneath your keyboard or anywhere near your computer!
  16. If you need to store your passwords somewhere, use a secure encrypted password storage tool (such as KeePassX) together with a strong decryption password
  17. Set strong (hard to guess) secret questions and answers. If you can’t set your own secret questions and have to use something like “What is your hometown”, then enter your home town, but add a unique piece of information that only you will remember (eg. New York 1984). Weak secret questions are usually the easiest way to break into accounts!
  18. Consider using two-factor authentication such as biometrics, USB dongles, or smart cards to strengthen your authentication process
  19. Disable auto-login on your computer
  20. Don’t plug in unknown or suspicious USB devices into your computer
  21. Ensure any auto-run functionality is disabled
  22. Don’t leave your computer unattended in public places
  23. If you use and travel with a laptop, consider installing software (such as Hidden or Prey) that would help you with recovering it, if it gets lost or stolen. For iPhones, check out Apple’s free Find My iPhone service
  24. Beware of shoulder-surfers when typing in your password, or sensitive information is displayed on screen
  25. Consider buying a privacy filter for your screen if frequently working on sensitive materials in public
  26. Set a screensaver password and lock your screen when leaving your computer
  27. Use a physical computer lock and secure it to the desk or other immovable object when leaving your computer in public or even workplace environment
  28. Pay attention to SSL errors when browsing, and reject invalid certificates if you feel something’s wrong
  29. As a general rule, try to avoid using public or untrusted computers to log in to sensitive services (eg. email, banking), as these often lack patches and may have keyloggers.
  30. If you do use a public computer, use ‘Private Browsing’ functionality in browsers to prevent them from saving history and cache files to the disk
  31. Only browse to and from sites you trust
  32. Only install software from sources you trust (beware that a lot of bootleg software can contain malware)
  33. When browsing to sensitive sites such as online banking, email (or even non-sensitive sites like Facebook), force SSL by using ‘https://’ ahead of the URL. Make sure your bookmarks are set to use this too
  34. Use a browser plugin (such as HTTPS Everywhere) that will enforce persistent SSL on specific sites
  35. Regularly clear cookies to purge any unneeded or unwanted tracking cookies
  36. Sign up for two-factor authentication services if your bank offers them. These include pin pads, SMS codes, etc
  37. Only perform financial transactions (eg. transfer money or purchase goods) from sites with a known good reputation. If unsure do a bit of Google research, many scam sites are already known and talked about online
  38. For online services between individuals (eg. eBay), beware of scammers when selling anything of value. They will often over-bid, send you a fake PayPal (or other) payment notification email, and ask for the item to be shipped quickly. Always verify yourself that the payment has been received before releasing any goods
  39. Learn to recognise current phishing, vishing and other scams
  40. Don’t store credit card details in a file on your computer. Malware can easily scan your computer in search for credit card numbers. Many secure password tools (such as KeePassX) allow you to also enter other sensitive pieces of information such as CC numbers
  41. Only click on links from sites or people you trust, but don’t click if you feel the link is suspicious
  42. Beware of URL shorteners, as these can be used to mask malicious URLs. Most services will allow you to preview the full URL (eg. adding a + at the end of a bit.ly URL)
  43. Use browser plugins like NoScript to block potentially unwanted or malicious scripts
  44. Don’t allow your browser to remember your credentials for websites. Browsers do not adequately protect this information!
  45. When configuring email clients, set it to use SSL when connecting to the POP, IMAP or SMTP server
  46. Don’t click on unknown links or attachments in emails
  47. Encrypt sensitive information and/or attachments in emails, and send the decryption key via another method (eg, by phone, SMS, smoke signal). PGP/GPG (GPGMail) is a good solution for encrypting and digitally signing email
  48. Never send credit card details by email, including scanned images of your credit card (yes, people do this for some reason)
  49. Your bank should never be emailing you with requests for bank details, credit card numbers, personal details, etc. They are usually phishing attacks, so don’t reply. If unsure, call up your bank using the phone number on their website (type the URL in yourself, don’t rely on links or phone numbers in emails)
  50. Don’t reply to emails offering you money in return for accepting funds on the behalf of the King of Umbalawi (Nigerian people want your money)
  51. Unless you remember subscribing to receive emails, never reply to spam or click on links to unsubscribe, you’ll simply be signed up to receive more spam and may receive malware
  52. Don’t trust companies or online services to keep your data safe
  53. Consider using disk encryption features (eg. FileVault/BitLocker) or software (eg. PGP/PointSec) to protect files on your computer
  54. Use encrypted disk images, volumes or files when transferring data using USB sticks
  55. Back-up your important files
  56. Make another backup
  57. Re-read steps 55 and 56, just for good measure. Unfortunately most people, myself included, only learn the priceless value of backups after they’ve lost something
  58. Consider encrypting your backups, particularly if you’re going to make backups to an online service. Note, however, that a corrupted encrypted file or volume may leave you without access to your files!
  59. If you encrypt your backups, make sure you remember the decryption key or store a copy securely somewhere. Your encrypted backups are useless if the key is in your KeePass file on your lost/destroyed computer
  60. Store unencrypted sensitive data and backups in a secure location, such as a safe
  61. Test your backup recovery process to make sure you can get access to your files should you need them!
  62. Use secure delete functionality or tools when erasing sensitive files
  63. Remember that deleted sensitive files may still reside in backups, or in multiple backups if you’re using incremental backups. Delete them there too if need-be
  64. Use secure wiping functionality (Disk Utility) or tools (DBAN) to erase drives/devices before giving or selling them on
  65. Disable UPnP on your router to prevent the creation of unwanted inbound firewall rules
  66. Change the default username and password on your router
  67. Set trusted DNS services (such as OpenDNS or Google DNS) in your router and computer network configurations
  68. Avoid connecting to untrusted wireless networks
  69. Avoid connecting to unencrypted wireless networks
  70. If you connect to untrusted or unencrypted wireless networks, enforcing SSL is even more important
  71. If you don’t need a wireless network, then avoid having one. Ethernet is better anyway ;)
  72. If you use wireless, consider having a separate network for guests that is segregated from your primary network. Some wireless routers (eg. Airport Extreme) natively support this, otherwise two routers and some firewall rules will achieve the same effect
  73. Use WPA2 and a strong password/key to secure your wireless networks
  74. Set a custom SSID on your wireless network, this will make rainbow-table attacks significantly harder
  75. Turn off your wifi card, either in the OS or using a physical switch (if you have one), when not in use. This is to prevent fake-ap attacks. Also disable Bluetooth when not in use
  76. Turn off unnecessary network services (eg. file sharing, screen sharing, remote login) if unneeded or when not in use
  77. Use personal firewall features/software on your computer and learn how to configure it properly
  78. Use outbound firewalls such as Little Snitch or Zone Alarm to alert you of outbound connections from your computer
  79. When setting up or using network file transfers, try to use encrypted methods such as SFTP/FTPS and SCP
  80. Use certificates for authentication where possible (SSH, FTPS, VPN, etc)
  81. Use encryption such as OTR to protect your instant messaging conversations and authenticate your contacts
  82. Use Tor to anonymize web browsing, but beware that the destination/content of your browsing may be visible to a third party (use SSL!).
  83. Use SSH Tunnels or IPSec VPNs to secure and/or anonymize browsing, email and other traffic on untrusted networks (and unencrypted wireless networks)
  84. Remote desktop services such as VNC are usually unencrypted. You should definitely tunnel this traffic through SSH or VPN.
  85. Use mechanisms such as Single Packet Authorization to protect high-risk services like SSH or VPN.
  86. Set up a host or network-based intrusion detection system (eg. Snort) to alert you to suspicious activity on the network.
  87. Read up on easy things you can do to secure your system (eg. Securing Leopard), or go as far as following NSA hardening guides.
  88. Be mindful of the type and quantity of information you divulge online (aka. oversharing), as it may be used against you. Even information in ‘private’ services can come out for a number of reasons
  89. Think before posting your location on location-aware services (Foursquare, Facebook, etc), and consider what the effects could be of doing so, particularly if this is something you do on a regular basis.
  90. Many types of documents are embedded with some form of personally-identifying information which may include your name, contact details or location. If you are distributing documents online, text or images, be sure to remove undesirable meta-information.
  91. Familiarize yourself with your company’s privacy policy
  92. Be aware of the relevant privacy laws and security practices of other countries before traveling. In the UK you can be forced to reveal your decryption passwords, and in the U.S. the Department of Homeland Security can confiscate your computer or portable media and make copies of any information.
  93. Consider traveling with an empty ‘skeleton laptop’ and access your information at home remotely over SSH/SFTP/HTTPS/etc.
  94. Know your rights to privacy in your country, both in private and at work
  95. In an office environment, challenge unknown individuals attempting to enter behind you (tailgaters) to produce a valid badge/pass
  96. Report those unwilling or unable to produce a valid badge/pass to security
  97. Be suspicious of calls or emails from unknown individuals asking for information. This could be as benign as someone’s contact details.
  98. If someone claiming to be from tech support says they need your credentials because your account was hacked and they need the credentials to reset it, or they’re upgrading systems and need your credentials to do so, they’re probably lying. Tech support should not need to ask you for your credentials. Call tech support back yourself to verify it is indeed them. If they still need your password see Tip #5.
  99. Be aware that almost any device can be used to record audio and/or video, including smartphones, music players, pens, etc.
  100. No matter what you do, adapt your security to be usable, reliable, and not hinder your use of your systems and devices.

Source: http://www.stumbleupon.com/su/1rgG0a/www.securitygeneration.com/security/top-100-security-and-privacy-tips/?ref_src=email

Friday, October 31, 2014

The dangers of opening suspicious emails: Crowti ransomware - Microsoft Malware Protection Center - Site Home - TechNet Blogs


The Microsoft Malware Protection Center (MMPC) has seen a spike in number of detections for threats in the Win32/Crowti ransomware
this month as the result of new malware campaigns. Crowti is a family
of ransomware that when encountered will attempt to encrypt the files on
your PC, and then ask for payment to unlock them. These threats are
being distributed through spam email campaigns and exploits.


Crowti impacts both enterprise and home users, however, this type of
threat can be particularly damaging in enterprise environments. In most
cases, ransomware such as Crowti can encrypt files and leave them
inaccessible. That’s why it’s important to back up files on a regular
basis. Cloud storage technologies such as OneDrive for Business can help with features such as built-in version history that helps you revert back to an unencrypted version of your files.


We also recommend you increase awareness about the dangers of opening suspicious emails.
This includes not opening email attachments or links from untrusted
sources. Attackers will usually try to imitate regular business
transaction emails such as fax, voice mails, or receipts. If you receive
an email that you’re not expecting, it’s best to ignore it. Try to
validate the source of the email first before clicking on a link or
opening the attachment. There is more advice to help prevent an
infection from ransomware and other threats at the end of this blog. 

Thursday, October 30, 2014

Wednesday, October 22, 2014

Ransomware US-CERT ALERT

WHAT IS RANSOMWARE?

Ransomware is a type of malware that
infects a computer and restricts a user’s access to the infected
computer. This type of malware, which has now been observed for several
years, attempts to extort money from victims by displaying an on-screen
alert. These alerts often state that their computer has been locked or
that all of their files have been encrypted, and demand that a ransom is
paid to restore access. This ransom is typically in the range of
$100–$300 dollars, and is sometimes demanded in virtual currency, such
as Bitcoin.

Ransomware is typically spread through phishing emails
that contain malicious attachments and drive-by downloading. Drive-by
downloading occurs when a user unknowingly visits an infected website
and malware is downloaded and installed without their knowledge. Crypto
ransomware, a variant that encrypts files, is typically spread through
similar methods, and has been spread through Web-based instant messaging
applications.

WHY IS IT SO EFFECTIVE?

The authors of
ransomware instill fear and panic into their victims, causing them to
click on a link or pay a ransom, and inevitably become infected with
additional malware, including messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”
 

https://www.us-cert.gov/ncas/alerts/TA14-295A

Wednesday, October 15, 2014

Ethics in a Cyber world

As the Internet has become more and more central to our lives, our online and offline identities have become less and less separate. Where the Internet was once a place where nobody knew we were dogs and we lived Second Lives as customizable avatars, today we mostly surf the Web as ourselves. Many of the most popular environments, such as Facebook, ask us to sign up using our real names, and even on services like Twitter, which allow for pseudonymy, people use their real names more often than not.
One area where a divide still exists between our online and offline selves, however, is in the realm of morality. While MediaSmarts’ study Young Canadians in a Wired World found that while young people are often actively kind and thoughtful towards people online – a finding supported by research from both the U.S.[1] and the UK[2] – hostile and aggressive behaviour is also common: almost nine in ten teens in the U.S. study said that they had “seen someone being mean or cruel to another person on a social network site,” while the UK research found that “almost a third of primary school age children and a quarter of secondary school age children said that mean comments or behaviour stops them from enjoying their time online.” Moreover, even those youth who choose to act in positive ways online often describe the Internet as a place where morals and ethics by default do not apply, in which people say and do things they never would in person. What this suggests is that while young people generally have good moral instincts, they need more guidance than they’re getting about how to view the online world as a space where morals and ethics apply.

To read more please go to link below.


Submitted by Matthew Johnson on 09 Oct 2014.


http://mediasmarts.ca/blog/ethics-online

Monday, September 29, 2014

The dark side of the internet

Guest Article by Monica Pathak, Lawyer at Goldstein DeBiase Manzocco, Serious Injury Lawyers
We live in a remarkable time in human history. Using nothing more than a mobile device or a computer, we can access an encyclopedic wealth of information and connect with others on social media with our fingertips. Despite this opportunity for enlightenment in the Internet age, there is a dark side to the web that is filled with revenge porn and stories of cyber-bullying. This new form of victimization is an oft-told tale that continues to grab headlines.
Celebs & Civilians are Victims of Cyber-bullying & Revenge Porn
In the last month, Apple Inc.’s iCloud service was hacked and a collection of approximately 200 private and intimate photos of Hollywood and sports celebrities, most notably Jennifer Lawrence, were leaked online for the public’s salacious consumption. This week, an article in the September 23rd, 2014 edition of the National Post reported that hackers have threatened to release private (i.e. nude) photos of actress Emma Watson in retaliation for her gender equality speech at the United Nations (this threat was later determined to be a hoax). The debate about images of public figures and their victimization aside, there are also sad and sordid stories about young women like seventeen year old Rehtaeh Parsons of Nova Scotia whose rape was recorded and uploaded to the Internet and fifteen year old British Columbian Amanda Todd who was cyber-bullied. Both of these women were tormented online and driven to suicide.

more info:

http://windsorite.ca/2014/09/the-dark-side-of-the-web-revenge-porn-cyber-bullying/

Saturday, September 13, 2014

Supported SSL Certs and OS

SSL to OS/ application Handshake Simulation
Android 2.3.7   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
BingBot Dec 2013   No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
BingPreview Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Chrome 36 / Win 7  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   FS 128
Firefox 24.2.0 ESR / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Firefox 31 / OS X  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   FS 128
Googlebot Jun 2014 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   FS   RC4 128
IE 6 / XP   No FS 1   No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE 8 / XP   No FS 1   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 8-10 / Win 7  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE 11 / Win 7  R TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   No FS 128
IE 11 / Win 8.1  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   No FS 128
Java 6u45   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   FS 128
Java 8b132 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   FS 128
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
OpenSSL 1.0.1h TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   FS 128
Safari 6 / iOS 6.0.1  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Safari 7 / iOS 7.1  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Safari 8 / iOS 8.0 Beta  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Safari 6.0.4 / OS X 10.8.4  R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Safari 7 / OS X 10.9  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Yahoo Slurp Jun 2014   No SNI 2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
YandexBot May 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).

We get A for our enhanced SSL certificate implementations.



We get an A for very well executed SSL (“Secure Sockets Layer”) certificate implementations.
I had a discussion the other day with a client about the best security for his site.
And I had to explain to him the 4 levels of SSL certs you can apply.
The first is self-signed only and should be used only on local LANs or when you have installed your own custom root CA.
The other 3 are what you can buy on the net:

For almost all of them the math and crypto are the same; the only difference is that with Deluxe and Premium you are also authenticating the company and business.
So if you are selling things online, I would go with Deluxe or EV; if you are giving secure applications to clients, then Standard is great.

We at Canada Cyber ensure that the math and cryptography are correct, not just the green bar. We ensure we are using the highest level of encryption.
For example, AES has been rated for Top Secret by the NSA: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

That's why we use just that:
 

Again it is very important to understand SSL.
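
One way to check the negotiated cryptography rather than the certificate level, using the handshake simulation above. This is an added example, not part of the original post: it splits each cipher suite name into its parts and flags missing forward secrecy, RC4, MD5 MACs and SSL 3. The rows are a sample copied from that table; the function names and finding labels are assumptions made for this example.

```python
"""Audit negotiated cipher suites from a handshake-simulation report."""

# Constructed sample: (client, protocol, suite) rows copied from the
# handshake simulation table on this page.
ROWS = [
    ("Android 2.3.7", "TLS 1.0", "TLS_RSA_WITH_RC4_128_MD5"),
    ("Android 4.4.2", "TLS 1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("BingPreview Jun 2014", "TLS 1.0", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
    ("Googlebot Jun 2014", "TLS 1.0", "TLS_ECDHE_RSA_WITH_RC4_128_SHA"),
    ("IE 6 / XP", "SSL 3", "TLS_RSA_WITH_RC4_128_MD5"),
    ("IE 11 / Win 7", "TLS 1.2", "TLS_RSA_WITH_AES_128_CBC_SHA256"),
]

# Ephemeral Diffie-Hellman key exchanges are the ones that give forward secrecy.
FS_KEY_EXCHANGES = {"DHE", "ECDHE"}


def parse_suite(name):
    """Split a name of the form TLS_<kx>[_<auth>]_WITH_<cipher...>_<hash>."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("unrecognised cipher suite name: %r" % name)
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kx_parts = left.split("_")
    cipher_parts = right.split("_")
    if not all(kx_parts) or len(cipher_parts) < 2 or not all(cipher_parts):
        raise ValueError("unrecognised cipher suite name: %r" % name)
    aead = "GCM" in cipher_parts
    return {
        "kx": kx_parts[0],
        # In TLS_RSA_WITH_... the RSA key does both key exchange and auth.
        "auth": kx_parts[-1],
        "cipher": "_".join(cipher_parts[:-1]),
        # In GCM (AEAD) suites the trailing hash is the PRF hash, not a
        # record MAC, so no MAC is reported for them.
        "mac": None if aead else cipher_parts[-1],
        "forward_secrecy": kx_parts[0] in FS_KEY_EXCHANGES,
    }


def findings(protocol, suite):
    """Return the list of weaknesses for one negotiated protocol/suite pair."""
    info = parse_suite(suite)
    out = []
    if protocol.upper().startswith("SSL"):
        out.append("legacy SSL protocol")
    if not info["forward_secrecy"]:
        out.append("no forward secrecy")
    if info["cipher"].startswith("RC4"):
        out.append("RC4 cipher")
    if info["mac"] == "MD5":
        out.append("MD5 MAC")
    return out


def audit(rows):
    """Map each client to its findings (an empty list means none)."""
    return {client: findings(proto, suite) for client, proto, suite in rows}


def weak_clients(rows):
    """Clients whose simulated handshake produced at least one finding."""
    return sorted(client for client, found in audit(rows).items() if found)


if __name__ == "__main__":
    for client, found in audit(ROWS).items():
        print("%-22s %s" % (client, ", ".join(found) or "ok"))
```

The forward-secrecy result derived from the suite name agrees with the FS / No FS column of the table, which makes it a quick consistency check on any report in this format.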