Month: December 2017

Acmetek Joins Inc. 5000 Fastest-Growing Private Companies In America!

ACMETEK GLOBAL SOLUTIONS has made the Inc. 5000 magazine list of the fastest-growing private companies in America. Acmetek achieved three-year growth of 182% and continues to expand its security solutions to clients across the world.

Inc. 5000

Inc. magazine, founded in 1979 and based in New York City, is an American monthly publication focused on growing companies.
For 35 years, Inc. has welcomed the fastest-growing private companies in America into a very exclusive club. The magazine publishes annual lists of the fastest-growing publicly held and private small companies in the U.S. The Inc. 5000 is ranked according to percentage revenue growth over a three-year period. To qualify, companies must have been founded and generating revenue by the first week of the starting calendar year, and therefore able to show three full calendar years of sales. Additionally, they have to be U.S.-based, privately held, and independent—not subsidiaries or divisions of other companies.

As an Inc. 5000 honoree, Acmetek Global Solutions shares a pedigree with Intuit, Zappos, Under Armour, Microsoft, Jamba Juice, Timberland, Clif Bar, Pandora, Patagonia, Oracle, and other notable alumni. The 2016 list added such powerhouses as Dollar Shave Club, Bai Drinks, Orange Theory Fitness, ipsy, Square, Yeti Coolers, and Ruby Receptionists.

Acmetek started its journey into Website Security Solutions in 2010, focusing mainly on SSL, as a result of a simple observation: SSL has evolved over the years, but technology distributors and businesses have not adapted. This mismatch led the founders of Acmetek to create the vision for the SSL experience and to develop the Channel Enablement Model to support it. With an integrated set of tools and savvy enablement support, partners can now offer SSL/TLS and implement security solutions for their clients across the globe.

Acmetek’s sole mission is to make the world more secure with our growing fleet of Website Security Solutions. Our passion for security is seen by our clients, and they know wholeheartedly that they are in good hands. Acmetek’s success is a testimony to our team’s creativity, resilience, and tenacity.

“We are deeply honored to be in such great company as all those recognized by Inc. magazine,” stated Ramesh Nuti, CEO of Acmetek. “I am very proud of the entire Acmetek team and we are excited to be recognized by such an illustrious publication. This is a true testament to our commitment to quality and 100% client satisfaction.”


Media Contact: Meenu Kuar, PR Manager,
mkaur@acmetek.com

Acmetek Partners with Norton Shopping Guarantee!

Acmetek Partners with Norton Shopping Guarantee To Bring Online Merchants Trust & Security.

Acmetek is proud to announce that it has partnered with Norton Shopping Guarantee to give Acmetek online commerce clients the perfect tool to help sales. The Norton Shopping Guarantee (NSG) is a revolutionary solution designed to increase conversion, average order value, repeat buyers and customer satisfaction. This product will help reduce shoppers’ concerns about information security, product authenticity, timely delivery, and getting a good price.

Features and Benefits for Merchants:

At a glance, how NSG benefits merchants:

  • Free & Easy Installation.
    • Norton Shopping Guarantee can be installed on any website in less than 1 hour.
  • 100% Risk Free Trial.
    • The purpose of the free trial is to run an A/B split test so that you can quantify the impact before making a buying decision.
    • NO financial commitment is needed to run a test of Norton Shopping Guarantee.
  • 20x ROI Guarantee.
    • For every dollar invested, NSG guarantees a minimum return of $20.00 in gross sales.
  • No long-term contracts.
    • Norton Shopping Guarantee commitments are all month-to-month and you are free to retest or stop using our service at any time.

Norton Shopping Guarantee Benefits for Buyers:

Norton Shopping Guarantee merchants provide their buyers with a 30-day guarantee that includes:

  • ID Theft Protection up to $10,000.
    • Comprehensive identity theft coverage to safeguard your personal information.
  • A full third-party guarantee of your purchase terms of sale, up to $1,000.
  • Lowest Price Guarantee up to $100.
    • If the same store’s published price drops within 30 days of a purchase, NSG pays the difference.

Visit www.TheShoppingGuarantee.com to learn more about the NSG product.


Lead Tech Engineer: Dominic Rafael
dsrafael@acmetek.com

Troubleshooting: SSL with Qualys SSL Labs – SSL Checker

There are many SSL checkers out there that are used to check the validity and installation of a website’s SSL certificate. The majority of these checkers vary in the information they display or may have limitations, as they only perform the function they were programmed for. Aside from using an SSL checker tool, there is always the manual way of using your browser to check for a proper installation.

If you would like to learn how to check using a browser, SSLSupportDesk has an article on it: Troubleshooting: Checking SSL installation with a browser.

Some SSL checkers are extremely advanced and will not only check the validity of an SSL certificate, but can also point out flaws in a server’s configuration or software.

Qualys SSL Labs has an SSL Server Test (SSL Checker) tool that is well executed and implemented.

Please follow these steps to test your installation:

  1. Access the Qualys SSL Labs Server Test checker, click here
  2. Enter the URL/Domain name of the server that you wish to check & click Submit


Troubleshooting an unresolved HTTPS address:

SSL checkers will only work if your website is publicly accessible from outside your network. If your website is internal, you will most likely not get any results.

Example: We used a domain name that does not exist in the outside world and got this result:

Qualys Checker


How to read Qualys SSL Server Test Checker:

Using sslsupportdesk.com, which is accessible from the open internet, let’s see how the Qualys SSL Server Test works.

With a successful installation we should see a result like the following for the server system:

Qualys Checker

Summary:

  1. Overall Rating: Based on the quality of the server system running the domain name submitted. The factors that contribute to this Overall Rating are the combined categories of Certificate, Protocol Support, Key Exchange, and Cipher Strength.
  2. Certificate: Factors affecting this score are:
    1. Domain name mismatch.
    2. Certificate not yet valid.
    3. Certificate expired.
    4. Use of a self-signed certificate.
    5. Use of a certificate that is not trusted.
    6. Use of a revoked certificate.
  3. Protocol Support: The encryption protocols that are available to clients visiting this web server.
  4. Key Exchange: How the public and private keys are used to set up encryption between client and server, and the strength of those keys.
  5. Cipher Strength: The ciphers perform the actual encryption and decryption for the connection set up with the server’s key pair. Some are considered weak, others strong.

Troubleshooting:

Any warnings or concerns the Qualys SSL Server Test finds are denoted below the Summary.

Qualys Checker


Red = Very bad
Yellow = Advisories or industry changes that may turn into red over time.

More information regarding the checker’s findings can usually be found by clicking MORE INFO.

Note: You may need to contact your server hosting provider or server vendor in order to perform updates, turn off certain protocols, or set the proper configurations needed for a good rating.


Authentication:

Server Key and Certificate #1: States the information pertaining to the SSL certificate the server presents for HTTPS.
Additional Certificates (If Supplied): Lists any additional certificates that the server also sends. Usually these are Intermediate CA certificates.
Certification Paths: Shows the entire chain of trust. Usually SSL Certificate > Intermediate > Root.

Note: The last certificate in this chain will be the root certificate. At times a yellow “Sent by Server” may appear on the root. This only means that when an SSL connection is made, the server is also presenting the root certificate to the client. Usually the root certificate should only reside in the client’s browser trust store. Don’t be alarmed, as some servers have to present it due to their programming, although proper practice dictates that they shouldn’t.
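The certificate-side findings above (domain mismatch, validity dates, self-signed, untrusted, and a root sent by the server) can be reproduced offline; the following is an added example, not part of the original article or of the Qualys tool. It assumes the chain arrives as a list of dicts in the shape of Python's ssl.SSLSocket.getpeercert() (leaf first) and uses a constructed sample chain and a set of root names standing in for the browser trust store.

```python
import ssl
import time

def name_to_dict(rdns):
    """Flatten a getpeercert()-style name, a tuple of RDNs of (type, value) pairs, into a dict."""
    return {attr: value for rdn in rdns for attr, value in rdn}

def hostname_matches(hostname, cert):
    """Domain-name check: DNS SANs first, commonName only when no SAN is present;
    a leading '*' matches exactly one leftmost label (www.example.com, not example.com)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = name_to_dict(cert["subject"]).get("commonName")
        names = [cn] if cn else []
    host = hostname.lower().split(".")
    for name in names:
        labels = name.lower().split(".")
        if len(labels) != len(host) or labels[1:] != host[1:]:
            continue
        if labels[0] == host[0] or (labels[0] == "*" and len(labels) > 2):
            return True
    return False

def assess_chain(chain, hostname, trusted_roots, now=None):
    """Return the Qualys-style findings for a server-sent chain (leaf first).
    trusted_roots is a set of root commonNames standing in for the client's trust store.
    Revocation is not checked here: that needs CRL or OCSP data, which is not available offline."""
    now = time.time() if now is None else now
    findings = []
    leaf = chain[0]
    if not hostname_matches(hostname, leaf):
        findings.append("Domain name mismatch")
    if ssl.cert_time_to_seconds(leaf["notBefore"]) > now:
        findings.append("Certificate not yet valid")
    if ssl.cert_time_to_seconds(leaf["notAfter"]) < now:
        findings.append("Certificate expired")
    if name_to_dict(leaf["subject"]) == name_to_dict(leaf["issuer"]):
        findings.append("Use of a self-signed certificate")
    # Certification path: each certificate's issuer must be the subject of the next one
    for cert, parent in zip(chain, chain[1:]):
        if name_to_dict(cert["issuer"]) != name_to_dict(parent["subject"]):
            findings.append("Chain incomplete or out of order")
            break
    last = chain[-1]
    last_issuer = name_to_dict(last["issuer"])
    if len(chain) > 1 and last_issuer == name_to_dict(last["subject"]):
        # The server included the root itself: harmless, but it belongs in the client trust store
        findings.append("Root certificate sent by server")
    if last_issuer.get("commonName") not in trusted_roots:
        findings.append("Use of a certificate that is not trusted")
    return findings

# --- constructed sample data (not real certificates) ---
ROOT_CN = "Example Root CA"
INTERMEDIATE_CN = "Example Issuing CA"
TRUST_STORE = {ROOT_CN}

def sample_cert(subject_cn, issuer_cn, not_before, not_after, sans=()):
    """Build a dict in the shape of getpeercert(); dates use its 'Mon DD HH:MM:SS YYYY GMT' format."""
    cert = {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": not_before,
        "notAfter": not_after,
    }
    if sans:
        cert["subjectAltName"] = tuple(("DNS", name) for name in sans)
    return cert

GOOD_CHAIN = [
    sample_cert("sslsupportdesk.com", INTERMEDIATE_CN, "Jan 01 00:00:00 2017 GMT",
                "Jan 01 00:00:00 2018 GMT", sans=("sslsupportdesk.com", "www.sslsupportdesk.com")),
    sample_cert(INTERMEDIATE_CN, ROOT_CN, "Jan 01 00:00:00 2015 GMT", "Jan 01 00:00:00 2025 GMT"),
]
ROOT_CERT = sample_cert(ROOT_CN, ROOT_CN, "Jan 01 00:00:00 2010 GMT", "Jan 01 00:00:00 2030 GMT")
SELF_SIGNED = [sample_cert("intranet.example", "intranet.example", "Jan 01 00:00:00 2017 GMT",
                           "Jan 01 00:00:00 2018 GMT", sans=("intranet.example",))]
# Fixed clock inside the leaf's validity window so the result is reproducible
CHECK_TIME = ssl.cert_time_to_seconds("Dec 01 00:00:00 2017 GMT")

if __name__ == "__main__":
    print(assess_chain(GOOD_CHAIN, "www.sslsupportdesk.com", TRUST_STORE, CHECK_TIME))
    print(assess_chain(GOOD_CHAIN + [ROOT_CERT], "www.sslsupportdesk.com", TRUST_STORE, CHECK_TIME))
    print(assess_chain(SELF_SIGNED, "intranet.example", TRUST_STORE, CHECK_TIME))
```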

Qualys Checker


Configuration:

Protocols: The encryption protocols that are available to clients visiting this web server.
Cipher Suites: The cipher suites that perform the actual encryption of the session.
Handshake Simulation: Mimics the different browsers used to connect to the server.
Side note: Most modern browsers will automatically choose the best, most secure connection they are capable of, regardless of how the server is configured.
Protocol Details: More information regarding how the server system is handling protocols.
Miscellaneous: Server type running the domain name, timestamp of when the check occurred, etc.


The Qualys SSL Labs Server Test tool is operated and managed by Qualys. This SSL checker is one of many publicly available on the internet that can help you diagnose problems with your SSL certificate installation, or other errors associated with your server system.



About SSLSupportDesk:

SSLSupportDesk is part of Acmetek, a trusted advisor of security solutions and services. Acmetek provides comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security, look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create an additional revenue stream while we do the heavy lifting for you.

CEOCFO Magazine Interview with Acmetek Global Solutions Inc

Q&A with Ramesh Nuti, CEO of Acmetek Global Solutions Inc. providing Consulting and Security Solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal.

Ramesh Nuti
Chief Executive Officer.

Acmetek Global Solutions Inc.
www.acmetek.com

Contact:
Ramesh Nuti
732-213-9514
Ramesh_Nuti@Acmetek.com

Interview conducted by:
Lynn Fosse, Senior Editor
CEOCFO Magazine

CEOCFO: Mr. Nuti, what is the focus at Acmetek Global Solutions?
Mr. Nuti: Acmetek is a trusted advisor of security solutions and services. We provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. We call it a seven-layer security model. If you are looking for security look no further. We have covered it well.

 
CEOCFO: What do you understand at Acmetek about security that perhaps less knowledgeable companies do not recognize?
Mr. Nuti: Acmetek started its journey into Website Security Solutions mainly focusing on SSL in 2010 as a result of a simple observation: SSL has evolved over the years, but Technology Distributors and Businesses have not adapted. This mismatch led the founders of Acmetek to create the vision for the SSL experience and to develop the Channel Enablement Model to support it. With our powerful enablement model, businesses can implement security solutions with ease. With our integrated set of tools and enablement support, partners can now offer SSL and implement it for their clients across the globe. Acmetek’s business model enables channels like CDW, Dell, and the like with website security solutions. We basically come in and give a solution to their end clients and enable these channels.
 
CEOCFO: Who is turning to you for services?
Mr. Nuti: We work with channels predominantly, such as CDW, Dell, and the like. These channels are huge. They serve over half a million clients. These channels are now empowered to sell SSL, which they couldn’t do before because they didn’t have the support structure. We come in and do all the presales, order management and then the post sales for their clients. We also have a direct segment. We serve from small and medium businesses to the large enterprise, which includes different sectors and verticals like healthcare, finance, education, governments, etc.
 
CEOCFO: What has changed in your approach over time?
Mr. Nuti: Hyper Text Transfer Protocol Secure (HTTPS) was really not the main focus back in 2010 for many businesses. It was there, but clients were never giving it their first priority because the perception was that HTTPS was only needed if you accept credit card details online. That really has changed over the last 6 years with stringent policies enforced by browsers like Google and others. Every business now needs to be on a secure connection to protect their customers’ trust and counter cybercrime. It is just that there is so much phishing and cybercrime going on in the world. I would say in 2010, we used to knock on the doors of our clients and explain that they need security and why it is extremely important for them to protect not only themselves but their customers. Now in 2017, it has turned around; now our clients are knocking on our doors to learn about security solutions. That gives you the perspective that businesses are now more aware of security in general.
 
CEOCFO: Would you tell us how you help in the customer service and support side?
Mr. Nuti: We strive to be a customer centric company and there are no two ways about it. This is where our enablement model comes into play. For example, when one of the key channels like CDW approaches us for an SSL solution for their customer, our security experts take it over from them and do the entire needs analysis for the customer to find out exactly what they need and put a solution together quickly. This saves large channels like CDW extensive staff training on products, so they can focus on their core business. Once we give the solution to the client, it does not stop there; we support the entire lifecycle of the product itself at no extra cost. End customers get a link to an Acmetek-hosted SSL portal with the channel partner’s branding, and the portal makes it easy for the customer to manage the lifecycle of their SSL certificates and more.
 

“Acmetek is a trusted advisor of security solutions and services. Our SSL enablement model is a blue print for channels across the globe.”- Ramesh Nuti

 
CEOCFO: Acmetek was recognized on the Inc 5000 list this year. Would you tell us about the recognition?
Mr. Nuti: We are deeply honored to be in such great company as all those recognized by Inc. Acmetek is doing something really unique in the security industry, protecting people’s lives. This recognition really helps us in spreading awareness of cyber security in general. I am very proud of the entire Acmetek team and we are excited to be recognized by such an illustrious publication. This is a true testament to our commitment to quality and 100% client satisfaction.
 
CEOCFO: What is the competitive landscape?
Mr. Nuti: Like I mentioned earlier, we are a trusted advisor of security services and solutions. In this channel landscape, there are only a few select players out there. We laid the blueprint for the channels. We also have many case studies written on our business model. The competitive landscape is going to be someone who is already selling security solutions, but most likely they are retail focused. We are channel focused and we give comprehensive SSL solutions to clients. I can’t think of anyone out there who does what we do.
 
CEOCFO: Why choose Acmetek Global Solutions?
Mr. Nuti: For the difference that Acmetek is making, the company won the Symantec Trust Services Collaborative Partner of the Year Award in 2013, has been a Strategic Platinum Partner for 5 years and has been recognized by Inc 5000 2 years in a row. The Acmetek business model is a blueprint for channels. For clients, it’s very confusing out there when choosing the right security solution, especially with many different security products to deal with; if they make a wrong choice, it is going to be extremely difficult to correct it and there will be huge compliance issues in the future. Acmetek really understands the entire nine yards of security here and we make sure our clients get the right solutions and the peace of mind so they can focus on their business. Lastly, we are located in both the North America and APAC regions, serving clients across the globe.

What is Certificate Transparency?

Google’s Certificate Transparency is an open source project that aims to strengthen the SSL/TLS certificate system, which is the main cryptographic security system underlying all HTTPS secure connections. It is an extra tier of certificate security that forms a Security Triad to ensure that clients navigating the internet are safe and secure in regards to web security.

What Is Certificate Transparency (CT)?

As the name implies, CT allows people on the internet to look at all certificates that have been issued by a Certificate Authority (CA). This is achieved using centralized logging to a collection of servers. These log servers talk to one another, to ensure consistency and reveal any unusual activity. Anyone can query the log servers to find out details on certificates that have been issued to anyone, by anyone. For example, a company could check to see what certificates have been created using its domains and details.

In a nutshell, Certificate Transparency is a third-party auditing log required by Google/Chrome to display certificate ownership information. The information is publicly auditable. Once CT logging is enabled, that information will be public and cannot be deleted from the log. The following information appears in the CT log:

  • Common Name
  • Subject alternative names
  • Organization name
  • CA (issuer) name
  • Serial number
  • Validity period
  • Extensions
  • Certificate chain

Note: Much of this information is already publicly available for external sites.

The Security Triad:

If you haven’t noticed, over the years all client web browsers have been implementing various security notifications regarding the safety of websites. Browsers have become an auditor of website security and show notifications to clients when web-surfing.

These notifications will typically show green bars or padlocks if everything is secure and safe, yellow exclamation marks to make clients aware that the website is not as secure as it can be, and lastly red strike-throughs if the browser deems something unsafe for users. The notifications vary from browser to browser, but in the end these are all just disclaimers to inform web visitors about the safety of the website. Anything can contribute to these browser notifications, including outdated server software configurations, mixed or insecure content, or the certificate running on the website.

Now with Certificate Transparency there is a Web Security Triad. Security is not just limited to the Certificate Authority (Monitor) and Client browser (Auditor) like it used to be. Here’s what’s going on now.

  • CT is a logging system in the middle that holds time-stamped logs of the certificates that have been issued by the various CAs.
  • The CA informs the log server of all certificates that get issued.
  • The CA (Monitor) and browser (Auditor) work in conjunction with the CT log server to monitor and audit the logs for suspicious certs, and to verify that all the certs issued are visible to the public community.
  • The client browser Auditor verifies that the logs are behaving properly and informs clients of anything suspicious that has happened in regards to certificate security.

CT is something that happens behind the scenes and is pretty much unnoticeable to browser clients navigating the web, but with its implementation there is a faster response and an extra tier of client safety when navigating the web.
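As an added illustration of how a CT log makes issued certificates visible yet tamper-evident (not code from the Certificate Transparency project or from this article), the following builds the RFC 6962 Merkle tree over a constructed set of log records, lets an auditor verify an inclusion proof against the tree head, and lets a domain owner act as a monitor and flag certificates for its domain from an issuer it never authorised. The signatures, SCTs and consistency proofs of the real protocol are assumed away.

```python
import hashlib

def leaf_hash(entry):
    """RFC 6962 leaf hash: SHA-256 over 0x00 || entry (domain separation from inner nodes)."""
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):
    """RFC 6962 inner-node hash: SHA-256 over 0x01 || left || right."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def split_point(n):
    """Largest power of two strictly less than n (n >= 2): the RFC's tree split rule."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_hash(entries):
    """Merkle Tree Hash of the log: what the log publishes (and signs) as its tree head."""
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split_point(len(entries))
    return node_hash(tree_hash(entries[:k]), tree_hash(entries[k:]))

def inclusion_proof(entries, m):
    """Audit path for entry m: the sibling hashes needed to rebuild the root."""
    n = len(entries)
    if n <= 1:
        return []
    k = split_point(n)
    if m < k:
        return inclusion_proof(entries[:k], m) + [tree_hash(entries[k:])]
    return inclusion_proof(entries[k:], m - k) + [tree_hash(entries[:k])]

def verify_inclusion(entry, index, tree_size, proof, root):
    """Auditor side (RFC 9162 section 2.1.3.2): rebuild the root from the entry and its
    audit path without seeing the rest of the log, then compare with the published root."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(entry)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while not (fn & 1 or fn == 0):
                fn >>= 1
                sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root

def unexpected_issuances(entries, domain, expected_issuers):
    """Monitor side: list every logged certificate for the domain (or a subdomain)
    whose issuer is not one the domain owner authorised."""
    flagged = []
    for index, entry in enumerate(entries):
        name, issuer, serial = entry.decode().split("|")
        if (name == domain or name.endswith("." + domain)) and issuer not in expected_issuers:
            flagged.append((index, name, issuer, serial))
    return flagged

# Constructed log records in the form domain|issuer|serial (not real certificates)
LOG = [
    b"example.com|Example CA|1001",
    b"www.example.com|Example CA|1002",
    b"other.test|Other CA|77",
    b"login.example.com|Unknown CA|9001",  # a certificate example.com never asked for
    b"mail.other.test|Other CA|78",
]

if __name__ == "__main__":
    root = tree_hash(LOG)
    proof = inclusion_proof(LOG, 3)
    print(verify_inclusion(LOG[3], 3, len(LOG), proof, root))
    print(unexpected_issuances(LOG, "example.com", {"Example CA"}))
```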

For more information on Certificate Transparency feel free to visit Https://www.certificate-transparency.org




thawte SGC SuperCert SSL Deprecation

Server Gated Cryptography (SGC) certificates are used to maintain a 128-bit connection irrespective of browser age; they are designed to step up the encryption to 128 bits. SHA-256 is now the norm for all SSL certificates.

The thawte SGC SuperCert product will no longer be compatible with SHA-256. This is the reason why thawte announced it will discontinue the SGC SuperCert product in the 2nd Qtr of 2015.

Acmetek recommends the SSL Web Server with EV certificate as a suitable replacement. An added benefit of this certificate is that it also offers the green bar at a similar cost.




Symantec SSL Certificates with the ECC Algorithm

Overview

The security environment is constantly changing as hackers become more sophisticated and your customers increasingly reach for mobile or tablet devices to carry out transactions online. Keeping up with the developments in malware and continuing to provide a secure and trustworthy experience for your customers is vital.

As a leader in SSL security, Symantec is always working on new solutions that help your business to anticipate and meet increasing security demands, and provide a safe environment for your customers.

Harnessing the latest technology, Symantec SSL certification with ECC is an easy way for your business to address the impending move to 2048-bit encryption and benefit from the explosion in mobile device and tablet use. ECC is a U.S. government-approved and National Security Agency-endorsed encryption method that offers your business enhanced security and better performance than current encryption.

Better Performance, Stronger Security with the ECC Algorithm

Elliptic Curve Cryptography (ECC) creates encryption keys based on the idea of using points on a curve to define the public/private key pair. It is difficult to break using the brute force methods often employed by hackers and offers a faster solution with less computing power than RSA-based encryption.

Key Benefits

  • Better security: ECC provides stronger protection against attacks than current encryption methods. The ECC algorithm relies on a mathematical problem that is more difficult for hackers to attack than the current encryption, making your websites and infrastructure more secure than with traditional methods.
  • Better performance: ECC requires a shorter key length to provide a superior level of security. For instance, a 256-bit ECC key provides the same level of protection as a 3072-bit RSA key. The result? You get the security you need without sacrificing performance.
  • Investment protection: ECC helps protect your infrastructure investment by providing increased security that can handle the explosion in mobile device connections. ECC key lengths increase at a slower rate than other encryption method keys, potentially extending the life of your existing hardware and giving you a greater return on your investment.
  • Mobile advantage: ECC’s smaller key length means smaller certificates that consume less bandwidth. As more of your customers move to smaller devices for their online transactions, ECC offers a better customer experience.

Figure: ECC key sizes vs. RSA and DSA

Compatibility

We know that keeping up with security requirements, compliance and threats can be difficult, and that’s why Symantec creates solutions that will make protecting your business easier.

Symantec’s ECC roots have been available in the top three browsers since 2007, so Symantec’s ECC certificates will work in your existing infrastructure as long as modern browsers are used.

Why Acmetek?

Acmetek is a Symantec Website Security Solutions Authorized Distributor and a Platinum Partner. Our certificates include certificate management, vulnerability assessment, malware scanning, and lifetime support for the certificate. You also get the Norton Secured Seal and Symantec Seal-in-Search to assure customers that they are safe when they search, browse or buy on your websites.

Rest easy knowing your website is protected by the #1 choice for SSL security. Symantec SSL Certificates secure more than one million web servers worldwide— more than any other Certificate Authority. In fact, 97 of the world’s 100 largest SSL-using banks and 81% of the 500 biggest e-commerce sites in North America use SSL Certificates from Symantec.

How to get SSL Certificates with ECC from Acmetek?

Symantec Premium SSL Certificates, Secure Site Pro and Secure Site Pro with EV, now give you the option of using the high security ECC algorithm (included free) to deliver stronger security than standard encryption methods while improving performance.

Visit the Symantec Secure Site Pro pages to sign up for a certificate or renew your current subscription.
or
Become a Partner and create additional revenue stream while we do the heavy lifting for you.



The FREAK Vulnerability.

The FREAK Vulnerability, What is happening?

A new SSL/TLS vulnerability named “FREAK” was identified by several security researchers. This threat allows an attacker to get between a client and server and view what is intended to be a secure and private communication. The vulnerability is primarily due to a bug in OpenSSL client software, but is only exploitable against poorly-configured web servers. Both clients and servers are at risk. Website owners can protect their sites by properly configuring their web servers: removing the affected ciphers and restarting their servers. Note that this vulnerability is not related to SSL certificates. Your existing certificate will continue to work as intended. No certificate replacement is needed.

Why should an Acmetek Customer or Partner care?

Customer web servers may be vulnerable to this issue. Organizations should evaluate their web servers to determine if they are vulnerable. Symantec offers an easy-to-use check in its SSL Toolbox that lets customers verify whether their websites are safe or vulnerable.

What Acmetek Customers Must Do?

It’s relatively easy to determine if a website is vulnerable, and if so, it’s relatively easy to change the configuration to block any possible attacks. Any type of web server (Apache, IIS, nginx, etc.) may be vulnerable if its configuration allows the use of so-called Export Ciphers. In the Apache/OpenSSL documentation, for example, the names of these ciphers all begin with EXP (from https://httpd.apache.org/docs/2.4/mod/mod_ssl.html):

  • EXP-DES-CBC-SHA
  • EXP-RC2-CBC-MD5
  • EXP-RC4-MD5
  • EXP-EDH-RSA-DES-CBC-SHA
  • EXP-EDH-DSS-DES-CBC-SHA
  • EXP-ADH-DES-CBC-SHA
  • EXP-ADH-RC4-MD5

If a customer’s web server supports these ciphers, the customer must reconfigure the web server by removing these ciphers from the list of supported ciphers, and restart the web server. Although not related to this vulnerability, customers should also disable null ciphers if they are supported, since such ciphers do not provide any encryption of the SSL stream:

  • NULL-SHA
  • NULL-MD5

In Windows, the names of export ciphers contain the string “EXPORT”. Here is a list taken from http://support.microsoft.com/kb/245030:

  • SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • NULL

We advise customers to consult their web server documentation to determine how to view the list of supported ciphers, and how to disable certain ciphers.
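An added example (not from the article or from Symantec's SSL Toolbox) that applies the advice above: it classifies cipher-suite names from both the OpenSSL and Windows naming schemes, rewrites an Apache SSLCipherSuite string so the export and NULL families cannot come back through an alias such as ALL, and reports what the local OpenSSL build would offer. The sample lists are constructed from the names quoted above plus a few ordinary suites.

```python
import ssl

def is_export_cipher(name):
    """Export-grade suites: OpenSSL names begin with EXP (EXP-, EXP1024-),
    IANA and Windows names carry _EXPORT."""
    upper = name.upper()
    return upper.startswith("EXP") or "_EXPORT" in upper

def is_null_cipher(name):
    """NULL suites authenticate but do not encrypt: NULL-SHA, TLS_RSA_WITH_NULL_SHA, plain NULL."""
    return "NULL" in name.upper()

def audit_cipher_list(names):
    """Split a list of suite names into (export, null, acceptable)."""
    export = [n for n in names if is_export_cipher(n)]
    null = [n for n in names if is_null_cipher(n) and n not in export]
    acceptable = [n for n in names if n not in export and n not in null]
    return export, null, acceptable

def harden_cipher_string(cipher_string):
    """Rewrite an Apache SSLCipherSuite / OpenSSL cipher string: drop explicit export or
    NULL entries and append exclusion keywords so an alias such as ALL cannot bring them
    back. !aNULL (anonymous, unauthenticated suites such as the ADH ones listed above)
    goes beyond the article's two families but is standard hardening."""
    kept = []
    for token in cipher_string.split(":"):
        if not token:
            continue
        # Exclusion tokens (!...) are always kept; explicit weak suites or aliases are dropped
        if token.startswith("!") or not (is_export_cipher(token) or is_null_cipher(token)):
            kept.append(token)
    for exclusion in ("!EXP", "!eNULL", "!aNULL"):
        if exclusion not in kept:
            kept.append(exclusion)
    return ":".join(kept)

def local_openssl_weak_ciphers():
    """Ask the OpenSSL this Python links against which suites a default context would
    offer, and return any export or NULL ones (a patched, modern build returns none)."""
    ctx = ssl.create_default_context()
    export, null, _ = audit_cipher_list([c["name"] for c in ctx.get_ciphers()])
    return export + null

# Constructed sample lists using the names quoted above plus a few ordinary suites
APACHE_SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "EXP-RC4-MD5",
                 "EXP-EDH-RSA-DES-CBC-SHA", "NULL-SHA"]
WINDOWS_SAMPLE = ["TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
                  "TLS_RSA_EXPORT_WITH_RC4_40_MD5", "NULL"]

if __name__ == "__main__":
    print(audit_cipher_list(APACHE_SAMPLE))
    print(audit_cipher_list(WINDOWS_SAMPLE))
    print(harden_cipher_string("ALL:EXP-RC4-MD5:NULL-SHA:!aNULL"))
    print(local_openssl_weak_ciphers())
```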

Frequently Asked Questions:

Q: How critical is this vulnerability?

A: This vulnerability appears to be slightly less critical than POODLE. Although an attack is difficult to carry out, it is important for people to prioritize this patch.

Q: What should customers do?

A: Customers should remove the above listed affected ciphers (if they are supported by their web server) and restart their web server.

Q: Do SSL certificates have to be replaced?

A: No, this is not required.



OpenSSL patch released that fixes High-severity Diffie Hellman bug

OpenSSL has fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts HTTPS communications secured with ephemeral, DSA-based Diffie Hellman (DH) key exchange.

The OpenSSL Diffie Hellman issue was assigned CVE-2016-0701 with a severity of High. This vulnerability could allow an attacker to force the peer to perform multiple handshakes using the same private Diffie Hellman key component, meaning they could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection.

OpenSSL released its Security Advisory regarding the fixes on 28-Jan-2016 on its website, OpenSSL.org.

OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk.

OpenSSL 1.0.2 users should upgrade to 1.0.2f, as stated in the security advisory; the release can be downloaded from OpenSSL.org. OpenSSL 1.0.1 is not affected by this CVE, because it does not support X9.42-style parameters.

Fortunately the vulnerable setup is uncommon: it requires DH parameters whose prime is not safe, which the mainstream industry rarely deploys, and most users are not serving DHE from X9.42-style (DSA-style) parameters. But the first line of defense against attackers is still to update your systems promptly and not become stagnant in security.
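The following simulation is an added example, not code from OpenSSL or from this article. It builds a constructed non-safe DH prime, models a server that keeps one private exponent for every handshake (the pre-1.0.2f behaviour with SSL_OP_SINGLE_DH_USE unset), and recovers that exponent with the small-subgroup confinement attack the advisory describes. The server's handshake oracle, the list of subgroup orders and the prime size are illustrative assumptions; a real attack spends one TLS handshake per guess against the server's actual parameters.

```python
import random
from functools import reduce


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test; adequate for a demonstration."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """'Safe' prime: (p-1)/2 is prime, so the only subgroup orders are 1, 2, q and 2q."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def small_subgroup_orders(p, limit):
    """Odd primes <= limit dividing p-1; each one is a small subgroup an attacker can confine to."""
    return [r for r in range(3, limit + 1, 2) if (p - 1) % r == 0 and is_probable_prime(r)]


def make_unsafe_prime(orders):
    """Smallest prime of the form 2*t*prod(orders) + 1: a constructed non-safe prime,
    the kind of X9.42-style parameter the advisory warns about."""
    m = 2 * reduce(lambda a, b: a * b, orders)
    t = 1
    while not is_probable_prime(m * t + 1):
        t += 1
    return m * t + 1


def element_of_order(p, r):
    """Random element of exact order r in Z_p^* (r a prime dividing p-1)."""
    while True:
        h = pow(random.randrange(2, p - 1), (p - 1) // r, p)
        if h != 1:
            return h


class ReusingDheServer:
    """Model of a TLS server whose DH private exponent x stays fixed for the whole
    process lifetime (OpenSSL before 1.0.2f with SSL_OP_SINGLE_DH_USE unset)."""

    def __init__(self, p, g, x):
        self.p, self.g, self.x = p, g, x
        self.public = pow(g, x, p)   # what ServerKeyExchange carries every time
        self.handshakes = 0

    def finished_verifies(self, client_public, guessed_premaster):
        """One full handshake (modelled): the attacker derives keys from its guess of the
        premaster secret; the server's Finished verifies only if the guess equals
        client_public^x mod p. Nothing checks client_public for subgroup membership."""
        self.handshakes += 1
        return pow(client_public, self.x, self.p) == guessed_premaster


def crt_combine(residues):
    """Chinese remainder theorem for (a_i, r_i) pairs with pairwise-coprime r_i."""
    x, m = 0, 1
    for a, r in residues:
        x += m * (((a - x) * pow(m, -1, r)) % r)
        m *= r
    return x


def recover_exponent(server, orders):
    """Small-subgroup confinement: send an element h of order r as the client public
    value so the premaster h^x depends only on x mod r; try all r candidates through
    handshakes, then combine the residues with CRT."""
    residues = []
    for r in orders:
        h = element_of_order(server.p, r)
        for j in range(r):
            if server.finished_verifies(h, pow(h, j, server.p)):
                residues.append((j, r))
                break
    return crt_combine(residues)


# Subgroup orders the constructed prime will expose (all odd primes up to 71; an assumption).
ORDERS = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71]


def demo(seed=2016):
    """Build the parameters, a reusing server with a random exponent, and recover it."""
    random.seed(seed)
    p = make_unsafe_prime(ORDERS)
    bound = reduce(lambda a, b: a * b, ORDERS)   # CRT modulus; any x < bound is recovered exactly
    x = random.randrange(1, bound)
    server = ReusingDheServer(p, 2, x)
    recovered = recover_exponent(server, small_subgroup_orders(p, 71))
    return {"p": p, "p_is_safe": is_safe_prime(p), "x": x,
            "recovered": recovered, "handshakes": server.handshakes}


if __name__ == "__main__":
    r = demo()
    print(f"p is a safe prime: {r['p_is_safe']}")
    print(f"exponent recovered after {r['handshakes']} handshakes: {r['recovered'] == r['x']}")
```

With a safe prime the same loop finds no usable subgroups (is_safe_prime returns True and small_subgroup_orders returns an empty list), which is why the advisory singles out X9.42-style parameters. And if the server drew a fresh exponent per handshake, each residue would belong to a different x and the CRT step would recover nothing; that is exactly what SSL_OP_SINGLE_DH_USE, or upgrading to 1.0.2f, buys you.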


SSLv2 – The “DROWN” Attack

Just recently there has been a lot of news about a vulnerability in SSLv2 (SSL 2.0) that has been named the DROWN attack. You will see headlines such as “DROWN attack affects over 1/3 of the world's websites,” “No one is secure on the internet anymore,” “More than a million sites affected!” and so on.

Allow me to calm some fears you may have.

Unless you have not touched your server configuration since 2011, there is little to worry about. SSLv2, created back in 1995, was declared obsolete in 2011 (RFC 6176 prohibits its use), and more than likely you are not using it, for the following reasons:

  • Browsers such as Chrome have refused to speak SSLv2 by default since 2011.
  • You would have seen browser errors about the SSLv2 protocol running on your website and would have turned it off already.
  • Every couple of years the digital certificate on a server is renewed, and during that process you probably ran a certificate checker to see that everything is in order. That SSL checking tool reports the status of the server and would have made you aware of SSLv2 being obsolete years ago.
  • If you are PCI DSS compliant you are not using SSLv2, or any version of SSL for that matter, since PCI DSS no longer accepts SSL as strong cryptography.

DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. It allows an attacker to decrypt protected sessions, exposing sensitive communications such as passwords, credit card numbers, trade secrets or financial data.

On March 1, 2016, the United States Computer Emergency Readiness Team (US-CERT) published the following on its website:

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.

US-CERT encourages users and administrators to review Vulnerability Note VU#583776 and the US-CERT OpenSSL Current Activity for additional information and mitigation details.

So this really shouldn't be news, since SSLv2 was declared obsolete back in 2011; it was bound to happen sooner or later. One caveat: DROWN is a cross-protocol attack, so a web server that has never spoken SSLv2 is still exposed if any other service (a mail server, for example) that uses the same RSA private key or certificate still accepts SSLv2. Check every service that shares the key, not just the website.

If you are affected by SSLv2, or would simply like to double check, Qualys has an excellent SSL checking tool that goes deep into the health of a server's TLS configuration. SSLSupportDesk.com has a great article on how to use and read this checker.
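As an added example (not code from this article, from drownattack.com or from Qualys), here is a small SSLv2 probe in Python. It builds an SSLv2 CLIENT-HELLO, classifies whatever comes back (an SSLv2 SERVER-HELLO means the host speaks SSLv2 and is exposed to DROWN; a TLS alert or a closed connection means it does not) and flags the 40-bit export ciphers the general DROWN attack depends on. The SERVER-HELLO it parses offline is constructed, not captured, and the probe() helper is an assumption about how you would point the check at a live host.

```python
import os
import socket
import struct

# SSLv2 CipherKind values (3 bytes each) from the SSLv2 specification.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
# 40-bit export ciphers: the general DROWN attack relies on the server accepting these.
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}


def sslv2_record(body):
    """Wrap a message in the 2-byte SSLv2 record header (high bit set, 15-bit length)."""
    return struct.pack(">H", 0x8000 | len(body)) + body


def sslv2_client_hello(challenge=None):
    """SSLv2 CLIENT-HELLO offering every SSLv2 cipher kind."""
    challenge = challenge or os.urandom(16)
    specs = b"".join(SSLV2_CIPHERS)
    body = (b"\x01"                                  # MSG-CLIENT-HELLO
            + b"\x00\x02"                            # CLIENT-VERSION = SSLv2
            + struct.pack(">HHH", len(specs), 0, len(challenge))
            + specs + challenge)                     # no session id
    return sslv2_record(body)


def build_server_hello(ciphers, cert=b"", conn_id=b"\x00" * 16):
    """SSLv2 SERVER-HELLO. Used only to construct an offline sample of what an
    SSLv2-enabled server answers (constructed data, not a real capture)."""
    specs = b"".join(ciphers)
    header = struct.pack(">BBBHHHH", 4, 0, 1, 0x0002, len(cert), len(specs), len(conn_id))
    return sslv2_record(header + cert + specs + conn_id)


def classify_response(data):
    """Decide what the server's first reply to an SSLv2 CLIENT-HELLO means.
    Returns verdict, the SSLv2 ciphers it offered and whether any is export grade."""
    result = {"verdict": "unknown", "ciphers": [], "export": False}
    if not data:
        result["verdict"] = "closed"        # no SSLv2: connection dropped
        return result
    if data[0] == 0x15 and data[1:2] == b"\x03":
        result["verdict"] = "tls_alert"     # no SSLv2: answered with a TLS alert record
        return result
    if data[0] & 0x80 and len(data) >= 13 and data[2] == 0x04:
        length = ((data[0] & 0x7f) << 8) | data[1]
        body = data[2:2 + length]
        if len(body) < 11:
            result["verdict"] = "malformed"
            return result
        _, _, _, version, cert_len, spec_len, _ = struct.unpack(">BBBHHHH", body[:11])
        specs = body[11 + cert_len:11 + cert_len + spec_len]
        kinds = [specs[i:i + 3] for i in range(0, len(specs), 3)]
        result["verdict"] = "sslv2"         # the host speaks SSLv2: DROWN-exposed
        result["version"] = version
        result["ciphers"] = [SSLV2_CIPHERS.get(k, k.hex()) for k in kinds]
        result["export"] = any(k in EXPORT_CIPHERS for k in kinds)
    return result


def probe(host, port=443, timeout=5.0):
    """Send one SSLv2 CLIENT-HELLO to host:port and classify the reply (assumed helper).
    STARTTLS services (SMTP on 25/587, IMAP on 143) need the STARTTLS exchange first,
    which this helper does not implement; implicit-TLS ports such as 443 and 465 work as is."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(sslv2_client_hello())
        try:
            data = s.recv(4096)
        except socket.timeout:
            data = b""
    return classify_response(data)
```

Because the attack is cross-protocol, run the probe against every port where the same certificate or RSA key is used, not only 443; a clean result on the web server alone does not rule DROWN out.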

More information can be found at https://drownattack.com/
