Here’s an image from a server with a LetsEncrypt certificate.
Author Archives: ericlaw
Cheating Authenticode, Redux
Back in 2014, I explained two techniques that have been used by developers to store information in Authenticode-signed executables without breaking the signature, including information about the EnableCertPaddingCheck registry flag that can be set to break the technique1. Recently, Kevin Jones pointed out that Chrome’s signed installer differs on each download, as you can seeContinue reading “Cheating Authenticode, Redux”
TLS Fallbacks are Dead
Just over 5 years ago, I wrote a blog post titled “Misbehaving HTTPS Servers Impair TLS 1.1 and TLS 1.2.” In that post, I noted that enabling versions 1.1 and 1.2 of the TLS protocol in IE would cause some sites to load more slowly, or fail to load at all. Sites that failed toContinue reading “TLS Fallbacks are Dead”
Non-Secure Clicktrackers–The Fastest Path from A+ to F
HTTPS only works if you use it. Coinbase is an online bitcoin exchange backed by $106M in venture capital investment. They’ve got a strong HTTPS security posture, including the latest ciphers, a 4096bit RSA key, and advanced features like browser-preloaded HSTS and HPKP. SSLLabs grades Coinbase’s HTTPS deployment an A+: This is a well-secured siteContinue reading “Non-Secure Clicktrackers–The Fastest Path from A+ to F”
File Paths in Windows
Handling file-system paths in Windows can have many subtleties, and it’s easy to forget how some of this very intricate system works under the covers. Happily, a .NET developer has started blogging a bit about file paths, presumably as they work to improve .NET’s handling of paths longer than the legacy MAX_PATH limit of 260Continue reading “File Paths in Windows”
text/plain 