Monday, September 29, 2014

The dark side of the internet

Guest Article by Monica Pathak, Lawyer at Goldstein DeBiase Manzocco, Serious Injury Lawyers
We live in a remarkable time in human history. Using nothing more than a mobile device or a computer, we can access an encyclopedic wealth of information and connect with others on social media with our fingertips. Despite this opportunity for enlightenment in the Internet age, there is a dark side to the web that is filled with revenge porn and stories of cyber-bullying. This new form of victimization is an oft-told tale that continues to grab headlines.
Celebs & Civilians are Victims of Cyber-bullying & Revenge Porn
In the last month, Apple Inc.’s iCloud service was hacked and a collection of approximately 200 private and intimate photos of Hollywood and sports celebrities, most notably Jennifer Lawrence, were leaked online for the public’s salacious consumption. This week, an article in the September 23rd, 2014 edition of the National Post reported that hackers have threatened to release private (i.e. nude) photos of actress Emma Watson in retaliation for her gender equality speech at the United Nations (this threat was later determined to be a hoax). The debate about images of public figures and their victimization aside, there are also sad and sordid stories about young women like seventeen-year-old Rehtaeh Parsons of Nova Scotia, whose rape was recorded and uploaded to the Internet, and fifteen-year-old British Columbian Amanda Todd, who was cyber-bullied. Both of these women were tormented online and driven to suicide.

more info:

http://windsorite.ca/2014/09/the-dark-side-of-the-web-revenge-porn-cyber-bullying/

Saturday, September 13, 2014

Supported SSL Certs and OS

SSL to OS/application handshake simulation
Client | Notes | Protocol | Cipher suite (ID) | Flags | Bits
Android 2.3.7 | No SNI (2) | TLS 1.0 | TLS_RSA_WITH_RC4_128_MD5 (0x4) | No FS, RC4 | 128
Android 4.0.4 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | FS | 256
Android 4.1.1 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | FS | 256
Android 4.2.2 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | FS | 256
Android 4.3 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | FS | 256
Android 4.4.2 | - | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) | FS | 256
BingBot Dec 2013 | No SNI (2) | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | No FS | 128
BingPreview Jun 2014 | - | TLS 1.0 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) | FS | 256
Chrome 36 / Win 7 | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) | FS | 128
Firefox 24.2.0 ESR / Win 7 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | FS | 256
Firefox 31 / OS X | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) | FS | 128
Googlebot Jun 2014 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) | FS, RC4 | 128
IE 6 / XP | No FS (1), No SNI (2) | SSL 3 | TLS_RSA_WITH_RC4_128_MD5 (0x4) | No FS, RC4 | 128
IE 7 / Vista | - | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | No FS | 128
IE 8 / XP | No FS (1), No SNI (2) | TLS 1.0 | TLS_RSA_WITH_RC4_128_MD5 (0x4) | No FS, RC4 | 128
IE 8-10 / Win 7 | R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | No FS | 128
IE 11 / Win 7 | R | TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) | No FS | 128
IE 11 / Win 8.1 | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | FS | 256
IE Mobile 10 / Win Phone 8.0 | - | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | No FS | 128
IE Mobile 11 / Win Phone 8.1 | - | TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) | No FS | 128
Java 6u45 | No SNI (2) | TLS 1.0 | TLS_RSA_WITH_RC4_128_MD5 (0x4) | No FS, RC4 | 128
Java 7u25 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) | FS | 128
Java 8b132 | - | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) | FS | 128
OpenSSL 0.9.8y | - | TLS 1.0 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) | FS | 256
OpenSSL 1.0.1h | - | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) | FS | 256
Safari 5.1.9 / OS X 10.6.8 | - | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) | FS | 128
Safari 6 / iOS 6.0.1 | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | FS | 256
Safari 7 / iOS 7.1 | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | FS | 256
Safari 8 / iOS 8.0 Beta | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | FS | 256
Safari 6.0.4 / OS X 10.8.4 | R | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | FS | 256
Safari 7 / OS X 10.9 | R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | FS | 256
Yahoo Slurp Jun 2014 | No SNI (2) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) | FS | 256
YandexBot May 2014 | - | TLS 1.0 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) | FS | 256
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
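
The cipher suite name in each row already says what the client negotiated, so the FS and RC4 flags can be re-derived rather than taken on trust. The following Python is an added example, not part of the original post or of the scanning tool; the function names `assess` and `flagged` are made up for illustration, and the sample rows are copied from the simulation above.

```python
import re

# A few rows copied from the handshake simulation above.
SAMPLE_ROWS = """\
Android 2.3.7   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
Googlebot Jun 2014 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   FS   RC4 128
IE 6 / XP   No FS 1   No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 11 / Win 7  R TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   No FS 128
YandexBot May 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
"""

# client [notes] protocol TLS_<key exchange>_WITH_<cipher and MAC> (hex id)
ROW = re.compile(
    r"^(?P<client>.+?)\s+(?P<proto>SSL 3|TLS 1\.[0-3])\s+"
    r"(?P<suite>TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+))\s+"
    r"\((?P<code>0x[0-9a-f]+)\)"
)


def assess(line):
    """Parse one simulation row; return None if the line is not a row."""
    m = ROW.match(line.replace("|", " "))  # also accept pipe-separated rows
    if m is None:
        return None
    findings = []
    if m["proto"] == "SSL 3":
        findings.append("SSL 3 negotiated")
    # Only an ephemeral (EC)DHE key exchange gives forward secrecy.
    if not m["kx"].startswith(("ECDHE", "DHE")):
        findings.append("no forward secrecy")
    if "RC4" in m["cipher"]:
        findings.append("RC4 stream cipher")
    if m["cipher"].endswith("_MD5"):
        findings.append("MD5-based MAC")
    return {
        # Notes such as "No SNI 2" or "R" follow the name after 2+ spaces.
        "client": re.split(r"\s{2,}", m["client"])[0].strip(),
        "protocol": m["proto"],
        "suite": m["suite"],
        "findings": findings,
    }


def flagged(text):
    """Map client name -> findings for every row with at least one finding."""
    rows = filter(None, (assess(line) for line in text.splitlines()))
    return {r["client"]: r["findings"] for r in rows if r["findings"]}


if __name__ == "__main__":
    for client, findings in flagged(SAMPLE_ROWS).items():
        print(f"{client}: {', '.join(findings)}")
```
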

We get an A for our enhanced SSL certificate implementations.



We get an A for a very well executed SSL ("Secure Sockets Layer") certificate implementation.
I had a discussion the other day with a client about the best security for his site.
And I had to explain to him the 4 levels of SSL certs you can apply.
The first is only self-signed and should only be used on a local LAN or when you have installed your own custom root CA.
The other 3 are what you can buy on the net:

For almost all of them the math and crypto are the same; the only difference is that with Deluxe and Premium you are also authenticating the company and business.
So if you are selling things online, then I would go with Deluxe or EV; if you are giving secure applications to clients, then Standard is great.

We at Canada Cyber ensure that the math and cryptography are correct, not just the green bar. We ensure we are using the highest level of encryption.
For example, AES has been rated for Top Secret by the NSA: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

That's why we use just that:
 

Again it is very important to understand SSL.