Over the last few weeks, we continue to see HAFNIUM attacks against Exchange Servers through our threat intelligence. Our Firebox feed data shows Fireboxes identifying the signature almost every day over the HTTPS proxy. Yet, Many Exchange servers remain unprotected. With Exchange Outlook Web Access (OWA)servers, Fireboxes must inspect the content of HTTPS traffic for … [Read more...]
Search Results for: encrypted traffic
Concerns Over Apple’s New Privacy and Security Decisions with Big Sur
Apple is a very polished company, both in how it designs and advertises its products. The latest macOS release of Big Sur, however, was anything but smooth. This can be partially attributed to Apple’s decision to use Online Certificate Status Protocol (OCSP) for certificate authentication and certificate revocation tracking. The issue is not only due to using OSCP, but that … [Read more...]
Mozilla and DNS over HTTPS
If you’re a privacy-centric individual, this post is for you. Mozilla, the creator of Firefox, has championed the new Internet Engineering Task Force (IETF) standard known as DNS over HTTPS (DoH). This isn’t a new concept, as Mozilla wrote about this back in 2018, but I only now came across their post describing it. Aside from the post explaining how DoH works, they also break … [Read more...]
Public VPNs Don’t Always Make You Any More Secure
Recent news on a compromised NordVPN server highlights a concern that when you want to use a public VPN, it doesn’t necessarily add any additional security. Some VPN providers want you to think that simply using a public VPN will make your connection perfectly secure, but this doesn’t hold true. While a compromised VPN connection allows hackers access to your Internet traffic, … [Read more...]
HSTS – A Trivial Response to sslstrip
Intro HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A "secure connection" in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This … [Read more...]