Visualization of SSL Setting Status Such as the FQDN Mismatch

Yuji Suga
Published in: 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
Publication date: 2014-07-02
DOI: 10.1109/IMIS.2014.88 (https://doi.org/10.1109/IMIS.2014.88)
Citations: 0

Abstract

In 2009, researchers released details of a vulnerability in the SSL and TLS protocols that could allow Man-in-the-Middle attacks to be carried out. The IETF published countermeasures with unprecedented speed as RFC 5746; however, server-side implementations are not deployed because of business problems such as loss of opportunities and backward compatibility. An efficient DoS attack tool using this vulnerability was released by a hacker group. Also, an update that blocks RSA keys of less than 1024 bits, which it is recognized should only be used by those who understand the risks involved, was distributed in August 2012. In November 2012, NISC published a concrete transition plan for government systems. Thus, there are measures to be considered in the handling of SSL/TLS servers. We used SSLyze to crawl the status of measures against the above vulnerabilities. This paper also proposes visualization methods for understanding the latest status and the statistics for geographical regions.