Happy TLS New Year
It's here! – The new world of Transport Layer Security
July 1, 2018 marks the birth of a more secure world for users of credit cards. Almost every vendor, merchant and client of the Payment Card Industry (PCI) should now be using TLS 1.2 without RSA encryption in order to avoid attacks being leveraged against their implementations of secure sockets.
If you have migrated away from DHE/3DES/CBC/RSA/TLS 1.0-1.1 in favour of TLS 1.2 using elliptic-curve cryptography, you might already be missing attacks like DROWN, BEAST, Lucky Thirteen, Logjam and even the stealthy ROBOT, but you can rest assured that you have a secure method of connecting. Our next milestone will be the adoption of TLS 1.3, which can prevent attackers altogether.
If you are a large and slow-moving enterprise, you might have decided to utilize some customized patches from the likes of F5 or Fortinet. You may also be hoping that content delivery networks like CloudFlare or Akamai are going to help thwart these attacks. Managing these customized patches can contribute to security burnout or, worse, you could be vulnerable to one or more of these attacks.
As we get ready for the second half of 2018, cvedetails already shows almost 60% of last year's total, and we have surpassed any other year in the past 15 years of reporting. Let's end this year right by removing bad cipher suites in all of our web services.
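One way to check a service's cipher list against the DHE/3DES/CBC/RSA categories named above, and to build a TLS 1.2+ context that offers only ECDHE with AEAD ciphers. This is an added example, not code from the original post; the function names, the sample lines and the cipher string `ECDHE+AESGCM:ECDHE+CHACHA20` are assumptions chosen for illustration.

```python
import ssl

# Constructed sample lines in the format OpenSSL uses for cipher descriptions
# (the text `openssl ciphers -v` prints); not captured from a real server.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384",
    "DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1",
    "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1",
]

def findings(description):
    """Return the reasons one suite conflicts with the post's DHE/3DES/CBC/RSA list."""
    f = dict(tok.split("=", 1) for tok in description.split() if "=" in tok)
    out = []
    if f.get("Kx") == "RSA":
        out.append("RSA key exchange")
    if f.get("Kx") == "DH":
        out.append("DHE key exchange")
    if f.get("Enc", "").startswith("3DES"):
        out.append("3DES")
    # OpenSSL names rarely contain "CBC"; a MAC other than AEAD is the reliable signal.
    if f.get("Mac") != "AEAD":
        out.append("non-AEAD (CBC or stream) encryption")
    return out

def audit(descriptions):
    """Map suite name -> findings, listing only suites that have any."""
    report = {}
    for d in descriptions:
        hits = findings(d)
        if hits:
            report[d.split()[0]] = hits
    return report

def hardened_server_context():
    """Server context limited to TLS 1.2+ with ECDHE key exchange and AEAD ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

if __name__ == "__main__":
    print(audit(SAMPLE))
    ctx = hardened_server_context()
    print(audit(c["description"] for c in ctx.get_ciphers()))
```

The protocol column in a cipher description is the version that introduced the suite, not the version negotiated, so the TLS 1.0/1.1 cut-off is enforced through `minimum_version` rather than by filtering on that column.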