Showing posts from January, 2016

The majority of DHS subdomains vulnerable to Man in the Middle attacks

On 17 September there were 18 .dhs.gov entries in badssl, 11 of which were vulnerable to man-in-the-middle attacks and 4 to the POODLE (TLS) attack.

The United States Government Accountability Office has meanwhile found other issues that are probably bigger(?) than that, such as the $6B firewall, which seems to be hitting an impressive 6% of the total vulnerabilities selected for review:

More specifically, for the five client applications we reviewed (Adobe Acrobat, Flash, Internet Explorer, Java, and Microsoft Office), the NCPS intrusion detection signatures provided some degree of coverage for approximately 6 percent of the total vulnerabilities selected for review.
...by the way, here are the (SSL/TLS) facts about DHS as of today: