Tag Archives: security

ATE Nykobing, Denmark on September 20th 2015

[Danish and German version below]
On Sunday 20th September there will be “A day of Internet Security and CAcert ATE” hosted by ShowIT Media [1].

Agenda

10:00 Welcome
10:15 A Security status on the Internet by Bitdefender
11:00 A Quick Introduction to CAcert
11:20 Time out for lunch
12:15 CAcert Assurance Training Event (ATE)
17:00 Thank you for coming / Safe journey home.

All speeches will be held in English. There will be the possibility to gather at least 100 Assurance Points.

Place:
ShowIT Media
Slotsbryggen 14 A-D
4800 Nykobing F
Denmark

More information can be found at [2]; to register: I will attend the ATE Nykobing

[1] https://www.showitmedia.eu/uk_cert.html
[2] https://wiki.cacert.org/Events/2015-09-20-ATE-DK-Nykobing

[Danish version]

On Sunday 20 September, "A day of Internet Security and CAcert ATE" will be held at ShowIT Media [1].

Programme:

10:00 Welcome
10:15 "A status of security on the Internet" by Bitdefender
11:00 A short presentation of CAcert
11:20 Lunch break
12:15 CAcert Assurance Training Event (ATE)
17:00 Thank you for today / Safe journey home

All talks will be held in English. It will be possible to collect at least 100 Assurance Points.

You can find more information at [2] and register here: I will attend the ATE in Nykøbing

[German version]

On Sunday 20 September, ShowIT Media is hosting "A day of Internet Security and CAcert ATE" [1].

Agenda

10:00 Welcome address
10:15 A security status report on the Internet by Bitdefender
11:00 A short presentation of CAcert
11:20 Lunch break
12:15 CAcert Assurance Training Event (ATE)
17:00 End of the event

All talks will be held in English. There will be the opportunity to collect at least 100 Assurance Points.

Further information on the event at [2]; to register: I will attend the ATE in Nykobing.

Disabling SSL3 and 3DES support to improve security for CAcert’s users

CAcert intends to disable SSL3 and 3DES support for its main website www.cacert.org by December 1, 2014.

The main CAcert website currently still supports the SSL3 protocol for secure connections. However, https://www.openssl.org/~bodo/ssl-poodle.pdf shows that SSL3 is susceptible to certain cryptographic attacks. While www.cacert.org does support the recommended TLS_FALLBACK_SCSV option to protect clients with that same protocol option against unintended downgrades to SSL3, this still leaves plain old SSL3 clients vulnerable to the new attack.

Similarly, www.cacert.org currently still supports the 3DES cipher suite for encrypting secure connections. However, this provides only 112 bits of security, which is below the currently recommended number of 128. Hence we should disable it to protect CAcert’s clients.

In practice, the only client known to negotiate SSL3 with www.cacert.org is Internet Explorer 6.0 as found in Windows XP. Thus disabling SSL3 will block HTTPS access for these clients only. Similarly, 3DES will only be negotiated by IE 6 and IE 8 running on Windows XP. Since Windows XP is no longer supported by its vendor, and the widely circulated advice to all its users is to switch to a more recent operating system (or at least to a more current browser), announcing termination of support for SSL3 and 3DES by CAcert on December 1, 2014 does not seem unreasonable, and is fully in line with our mission to support the security of CAcert’s users.

If you want to discuss this issue further, please use the bug tracker created for this issue (https://bugs.cacert.org/view.php?id=1314).
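The change described in this announcement, sketched as an added example using Python's standard `ssl` module; this is not CAcert's actual server configuration. The cipher string, the TLS 1.2 protocol floor and the function names are assumptions of this example. The audit flags any suite that is 3DES or falls below the 128-bit floor the post cites.

```python
import ssl

MIN_STRENGTH_BITS = 128  # recommended floor cited in the announcement


def hardened_server_context(policy="HIGH:!aNULL:!eNULL:!3DES"):
    """Server context that refuses SSL3 and never offers 3DES.

    The cipher string and the TLS 1.2 floor are this example's choices;
    the announcement itself only requires that SSL3 and 3DES be refused.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(policy)
    return ctx


def sslv3_allowed(ctx):
    """True if the context could still negotiate SSL3."""
    floor_permits = ctx.minimum_version in (
        ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.SSLv3)
    return floor_permits and not (ctx.options & ssl.OP_NO_SSLv3)


def weak_suites(suites):
    """Names of suites that are 3DES or below the strength floor.

    `suites` is a list of dicts shaped like SSLContext.get_ciphers() output.
    """
    return [s["name"] for s in suites
            if "3DES" in s["description"]
            or s["strength_bits"] < MIN_STRENGTH_BITS]


def audit(ctx):
    """Human-readable findings for one context; empty list means clean."""
    findings = ["weak cipher suite enabled: " + name
                for name in weak_suites(ctx.get_ciphers())]
    if sslv3_allowed(ctx):
        findings.insert(0, "SSL3 can still be negotiated")
    return findings


# Constructed sample entry, shaped like get_ciphers() output for a 3DES suite.
SAMPLE_3DES = {
    "name": "DES-CBC3-SHA",
    "description": "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1",
    "strength_bits": 112,
}

if __name__ == "__main__":
    print(audit(hardened_server_context()))
    print(weak_suites([SAMPLE_3DES]))
```

Running `audit()` against the context a service actually uses shows whether a cipher-string change took effect in the local OpenSSL build, since the suites a policy string expands to differ between builds.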