Security Audit 11/4/2011 (secMAIL)

11/4/2011 Security Audit for our secMAIL services

All Clients have been upgraded to the latest version of our secMAIL services. Below is the list of changes, and fixes.

SSL/TLS Vuln Zero Day & BEAST

 

Microsoft today said it will issue a Windows security update to plug a long-known hole in the protocol that secures websites.

Although the flaw in SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0, the follow-on Web encryption protocol to SSL, has been known for about a decade, a practical exploit only surfaced last week when a pair of researchers demonstrated what they called BEAST, for "Browser Exploit Against SSL/TLS," a hacking tool that attacks browsers and decrypts cookies, potentially giving attackers access to encrypted website log-on credentials.