The Enterprise Attack Surface Has Grown Exponentially with Boom in Remote Work. Monitor & Protect It. - Learn More

Menu

Ready to Get
Started?

Contact Sales

Blog

The FREAK Attack

by · March 3rd, 2015

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.

The POODLE Attack and Tracking SSLv3 Deployment

by · October 4th, 2014

On Tuesday, October 14, 2014, Google released details on the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3. The vulnerability allows an active MITM attacker to decrypt content transferred an SSLv3 connection. While secure connections primarily use TLS (the successor to SSL), most users were vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session.

Heartbleed Bug Health Report

by · April 7th, 2014

The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords. More information and frequently asked questions can be found in the initial disclosure.

HTTPS Ecosystem Scans

by Zakir Durumeric · October 1st, 2013

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem—the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, we gain detailed and temporally fine-grained visibility into this otherwise opaque area of security-critical infrastructure.

Ready to Get Started?

Get a real-time view of all your organization's assets so you can proactively prevent threats.