TLS scan results for April 2015
by Hubert Kario
Not much has changed since the last scan, just a continuation of established trends.
As always, detailed analysis on my blog:
https://securitypitfalls.wordpress.com/2015/05/23/april-2015-scan-results/
SSL/TLS survey of 484573 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that also have a valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 406786 83.9473
3DES Only 794 0.1639
AES 472659 97.5413
AES Only 10959 2.2616
AES-CBC 472558 97.5205
AES-CBC Only 4829 0.9965
AES-GCM 303174 62.5652
AES-GCM Only 29 0.006
CAMELLIA 209131 43.1578
CAMELLIA Only 1 0.0002
CHACHA20 58829 12.1404
CHACHA20 Only 37 0.0076
Insecure 77058 15.9022
RC4 292575 60.3779
RC4 Only 2401 0.4955
RC4 Preferred 45677 9.4262
RC4 forced in TLS1.1+ 27055 5.5833
x:FF 29 RC4 Only 2759 0.5694
x:FF 29 RC4 Preferred 50228 10.3654
x:FF 29 incompatible 166 0.0343
x:FF 35 RC4 Only 3002 0.6195
x:FF 35 RC4 Preferred 50330 10.3865
x:FF 35 incompatible 169 0.0349
y:DHE-RSA-SEED-SHA 106435 21.9647
y:IDEA-CBC-SHA 86288 17.807
y:SEED-SHA 104010 21.4643
z:ADH-AES128-GCM-SHA256 403 0.0832
z:ADH-AES128-SHA 1245 0.2569
z:ADH-AES128-SHA256 285 0.0588
z:ADH-AES256-GCM-SHA384 411 0.0848
z:ADH-AES256-SHA 1251 0.2582
z:ADH-AES256-SHA256 288 0.0594
z:ADH-CAMELLIA128-SHA 757 0.1562
z:ADH-CAMELLIA256-SHA 767 0.1583
z:ADH-DES-CBC-SHA 370 0.0764
z:ADH-DES-CBC3-SHA 1264 0.2608
z:ADH-RC4-MD5 1068 0.2204
z:ADH-SEED-SHA 624 0.1288
z:AECDH-AES128-SHA 14597 3.0123
z:AECDH-AES256-SHA 14601 3.0132
z:AECDH-DES-CBC3-SHA 14555 3.0037
z:AECDH-NULL-SHA 33 0.0068
z:AECDH-RC4-SHA 13915 2.8716
z:DES-CBC-MD5 15676 3.235
z:DES-CBC-SHA 43379 8.952
z:DES-CBC3-MD5 29965 6.1838
z:ECDHE-RSA-NULL-SHA 39 0.008
z:EDH-RSA-DES-CBC-SHA 36816 7.5976
z:EXP-ADH-DES-CBC-SHA 296 0.0611
z:EXP-ADH-RC4-MD5 298 0.0615
z:EXP-DES-CBC-SHA 23304 4.8092
z:EXP-EDH-RSA-DES-CBC-SHA 18924 3.9053
z:EXP-RC2-CBC-MD5 27382 5.6507
z:EXP-RC4-MD5 29880 6.1663
z:EXP1024-DES-CBC-SHA 7448 1.537
z:EXP1024-RC4-SHA 7538 1.5556
z:IDEA-CBC-MD5 2648 0.5465
z:NULL-MD5 269 0.0555
z:NULL-SHA 277 0.0572
z:NULL-SHA256 17 0.0035
z:RC2-CBC-MD5 16012 3.3044
z:RC4-64-MD5 1266 0.2613
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 137690 28.4147
Server side 346883 71.5853
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 1408 0.2906
AECDH 14635 3.0202
DHE 270437 55.8093
ECDHE 323781 66.8178
ECDHE and DHE 176359 36.3947
RSA 446206 92.0823
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 223209 46.063 82.5364
DH,1536bits 1 0.0002 0.0004
DH,2048bits 43655 9.009 16.1424
DH,2236bits 3 0.0006 0.0011
DH,2430bits 1 0.0002 0.0004
DH,3072bits 21 0.0043 0.0078
DH,4096bits 2722 0.5617 1.0065
DH,512bits 78 0.0161 0.0288
DH,768bits 777 0.1603 0.2873
DH,8192bits 1 0.0002 0.0004
ECDH,B-163,163bits 5 0.001 0.0015
ECDH,B-571,570bits 986 0.2035 0.3045
ECDH,K-163,163bits 1 0.0002 0.0003
ECDH,K-571,570bits 1 0.0002 0.0003
ECDH,P-224,224bits 41 0.0085 0.0127
ECDH,P-256,256bits 316799 65.3769 97.8436
ECDH,P-384,384bits 3387 0.699 1.0461
ECDH,P-521,521bits 4921 1.0155 1.5199
Prefer DH,1024bits 90273 18.6294 33.3804
Prefer DH,2048bits 2959 0.6106 1.0942
Prefer DH,2236bits 1 0.0002 0.0004
Prefer DH,4096bits 100 0.0206 0.037
Prefer DH,512bits 3 0.0006 0.0011
Prefer DH,768bits 394 0.0813 0.1457
Prefer ECDH,B-163,163bits 5 0.001 0.0015
Prefer ECDH,B-571,570bits 777 0.1603 0.24
Prefer ECDH,K-163,163bits 1 0.0002 0.0003
Prefer ECDH,K-571,570bits 1 0.0002 0.0003
Prefer ECDH,P-224,224bits 16 0.0033 0.0049
Prefer ECDH,P-256,256bits 262300 54.1301 81.0115
Prefer ECDH,P-384,384bits 2417 0.4988 0.7465
Prefer ECDH,P-521,521bits 4606 0.9505 1.4226
Prefer PFS 363853 75.0873 0
Support PFS 417859 86.2324 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 275 0.0568
brainpoolP384r1 275 0.0568
brainpoolP512r1 276 0.057
prime192v1 1006 0.2076
prime256v1 322585 66.571
prime256v1 Only 280643 57.9155
secp160k1 973 0.2008
secp160r1 977 0.2016
secp160r2 973 0.2008
secp192k1 994 0.2051
secp224k1 1021 0.2107
secp224r1 1909 0.394
secp224r1 Only 1 0.0002
secp256k1 1031 0.2128
secp384r1 42157 8.6998
secp384r1 Only 214 0.0442
secp521r1 11163 2.3037
secp521r1 Only 85 0.0175
sect163k1 974 0.201
sect163k1 Only 1 0.0002
sect163r1 973 0.2008
sect163r2 978 0.2018
sect163r2 Only 5 0.001
sect193r1 973 0.2008
sect193r2 972 0.2006
sect233k1 1012 0.2088
sect233r1 1012 0.2088
sect239k1 1011 0.2086
sect283k1 1011 0.2086
sect283r1 1011 0.2086
sect409k1 1012 0.2088
sect409r1 1011 0.2086
sect571k1 1023 0.2111
sect571r1 1023 0.2111
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 79371 16.3796
True 201893 41.6641
order-specific 25 0.0052
unknown 203284 41.9512
ECC curve ordering Count Percent
-------------------------+---------+--------
client 1937 0.3997
inconclusive-noecc 23 0.0047
server 320951 66.2338
unknown 161662 33.3617
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 29961 6.183
ECDSA-SHA224 29962 6.1832
ECDSA-SHA256 29968 6.1844
ECDSA-SHA384 29969 6.1846
ECDSA-SHA512 29973 6.1854
ECDSA-SHA512 Only 4 0.0008
RSA-MD5 138363 28.5536
RSA-SHA1 288373 59.5107
RSA-SHA1 Only 44023 9.0849
RSA-SHA224 233398 48.1657
RSA-SHA256 248405 51.2627
RSA-SHA256 Only 3440 0.7099
RSA-SHA384 234083 48.3071
RSA-SHA512 234329 48.3578
RSA-SHA512 Only 236 0.0487
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 213825 44.1265
indeterminate 7 0.0014
intolerant 2102 0.4338
order-fallback 14 0.0029
server 106987 22.0786
unsupported 37608 7.7611
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 29954 6.1815
ECDSA intolerant 26 0.0054
ECDSA pfs-rsa-SHA512 2 0.0004
RSA False 136825 28.2362
RSA SHA1 130262 26.8818
RSA intolerant 24807 5.1194
RSA pfs-ecdsa-SHA512 1 0.0002
RSA soft-nopfs 1684 0.3475
Renegotiation Count Percent
-------------------------+---------+--------
False 8680 1.7913
insecure 23543 4.8585
secure 452350 93.3502
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 13301 2.7449
False 8680 1.7913
NONE 462592 95.4638
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 2 0.0004
1 only 2 0.0004
2 2 0.0004
2 only 2 0.0004
5 2 0.0004
5 only 2 0.0004
10 6 0.0012
10 only 6 0.0012
15 10 0.0021
15 only 10 0.0021
30 8 0.0017
30 only 8 0.0017
60 95 0.0196
60 only 90 0.0186
65 1 0.0002
65 only 1 0.0002
70 6 0.0012
100 13 0.0027
100 only 13 0.0027
120 31 0.0064
120 only 31 0.0064
128 2 0.0004
128 only 2 0.0004
150 2 0.0004
180 46 0.0095
180 only 43 0.0089
240 11 0.0023
240 only 11 0.0023
300 211464 43.6392
300 only 204443 42.1903
360 1 0.0002
400 7 0.0014
400 only 7 0.0014
420 117 0.0241
420 only 65 0.0134
480 13 0.0027
480 only 12 0.0025
500 3 0.0006
500 only 3 0.0006
600 14992 3.0939
600 only 14817 3.0577
660 1 0.0002
660 only 1 0.0002
720 1 0.0002
720 only 1 0.0002
900 527 0.1088
900 only 499 0.103
960 2 0.0004
960 only 2 0.0004
1200 574 0.1185
1200 only 562 0.116
1440 1 0.0002
1440 only 1 0.0002
1500 13 0.0027
1500 only 12 0.0025
1800 368 0.0759
1800 only 362 0.0747
2400 6 0.0012
2400 only 6 0.0012
2700 9 0.0019
2700 only 9 0.0019
3000 12 0.0025
3000 only 12 0.0025
3600 371 0.0766
3600 only 355 0.0733
3900 1 0.0002
3900 only 1 0.0002
4200 1 0.0002
5400 14 0.0029
5400 only 2 0.0004
6000 5 0.001
6000 only 5 0.001
7200 14319 2.955
7200 only 13804 2.8487
10800 1786 0.3686
10800 only 1780 0.3673
14400 1343 0.2772
14400 only 1335 0.2755
18000 11 0.0023
18000 only 11 0.0023
21600 4962 1.024
21600 only 4955 1.0225
28800 10 0.0021
28800 only 9 0.0019
36000 980 0.2022
36000 only 972 0.2006
43200 27 0.0056
43200 only 23 0.0047
60000 1 0.0002
60000 only 1 0.0002
64800 46419 9.5794
64800 only 46415 9.5785
72000 7 0.0014
72000 only 7 0.0014
84600 1 0.0002
84600 only 1 0.0002
86000 34 0.007
86000 only 34 0.007
86400 363 0.0749
86400 only 363 0.0749
100800 12150 2.5074
100800 only 12149 2.5072
129600 9 0.0019
129600 only 9 0.0019
172800 2 0.0004
172800 only 2 0.0004
216000 1 0.0002
216000 only 1 0.0002
432000 1 0.0002
432000 only 1 0.0002
600000 1 0.0002
600000 only 1 0.0002
604800 1 0.0002
604800 only 1 0.0002
864000 3 0.0006
864000 only 3 0.0006
None 181287 37.4117
None only 173413 35.7868
Certificate sig alg Count Percent
-------------------------+---------+--------
None 15526 3.2041
ecdsa-with-SHA256 29954 6.1815
sha1WithRSAEncryption 207522 42.8257
sha256WithRSAEncryption 247164 51.0066
sha384WithRSAEncryption 1 0.0002
sha512WithRSAEncryption 11 0.0023
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 29979 6.1867
ECDSA 384 5 0.001
RSA 1024 222 0.0458
RSA 10240 3 0.0006
RSA 2028 1 0.0002
RSA 2047 1 0.0002
RSA 2048 437533 90.2925
RSA 2049 3 0.0006
RSA 2056 3 0.0006
RSA 2058 2 0.0004
RSA 2064 2 0.0004
RSA 2080 2 0.0004
RSA 2084 8 0.0017
RSA 2096 1 0.0002
RSA 2408 3 0.0006
RSA 2432 5 0.001
RSA 2612 2 0.0004
RSA 3024 1 0.0002
RSA 3050 1 0.0002
RSA 3071 1 0.0002
RSA 3072 93 0.0192
RSA 3096 1 0.0002
RSA 3102 1 0.0002
RSA 3248 1 0.0002
RSA 3600 1 0.0002
RSA 4042 1 0.0002
RSA 4048 2 0.0004
RSA 4056 30 0.0062
RSA 4069 1 0.0002
RSA 4086 4 0.0008
RSA 4092 10 0.0021
RSA 4096 16685 3.4432
RSA 8192 6 0.0012
RSA/ECDSA Dual Stack 35 0.0072
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 85670 17.6795
Unsupported 398903 82.3205
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 30248 6.2422
SSL2 Only 63 0.013
SSL3 145442 30.0145
SSL3 Only 993 0.2049
SSL3 or TLS1 Only 92308 19.0493
SSL3 or lower Only 1029 0.2124
TLS1 482080 99.4855
TLS1 Only 53168 10.9721
TLS1 or lower Only 120432 24.8532
TLS1.1 349742 72.1753
TLS1.1 Only 29 0.006
TLS1.1 or up Only 1151 0.2375
TLS1.2 360532 74.402
TLS1.2 Only 703 0.1451
TLS1.2, 1.0 but not 1.1 12562 2.5924
Statistics from 501419 chains provided by 668131 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 444722 66.5621
incomplete 28787 4.3086
untrusted 194622 29.1293
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 466 0.0929
3 419080 83.5788
4 81838 16.3213
5 35 0.007
CA key size in chains Count
-------------------------+---------
ECDSA 256 29837
ECDSA 384 29837
RSA 1024 447
RSA 2045 1
RSA 2048 932773
RSA 4096 91385
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 29837 5.9505
ECDSA 384 29837 5.9505
RSA 1024 443 0.0883
RSA 2045 1 0.0002
RSA 2048 470954 93.9242
RSA 4096 90510 18.0508
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 29837
sha1WithRSAEncryption 222155
sha256WithRSAEncryption 174421
sha384WithRSAEncryption 156409
sha512WithRSAEncryption 39
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 222398 44.3537
112 249181 49.6952
128 29840 5.9511
Root CAs Count Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA 108475 21.6336
(157753a5) AddTrust External CA Root 107019 21.3432
(5ad8a5d6) GlobalSign Root CA 50472 10.0658
(cbf06781) Go Daddy Root Certificate Authorit 44010 8.7771
(eed8c118) COMODO ECC Certification Authority 29832 5.9495
(b204d74a) VeriSign Class 3 Public Primary Ce 27936 5.5714
(2e4eed3c) thawte Primary Root CA 25416 5.0688
(244b5494) DigiCert High Assurance EV Root CA 24612 4.9085
(653b494a) Baltimore CyberTrust Root 11515 2.2965
(ae8153b9) StartCom Certification Authority 9470 1.8886
(f081611a) The Go Daddy Group, Inc. 8925 1.7799
(b13cc6df) UTN-USERFirst-Hardware 8766 1.7482
(f387163d) Starfield Technologies, Inc. 6944 1.3849
(3513523f) DigiCert Global Root CA 6188 1.2341
(480720ec) GeoTrust Primary Certification Aut 5346 1.0662
(40547a79) COMODO Certification Authority 5333 1.0636
Scan performed between 17th and 29th of April 2015
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
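How the per-family rows above ("RC4", "RC4 Only", "RC4 Preferred", "Insecure", "Client side"/"Server side") and the "Eff. host cert chain LoS" buckets are derived from per-host scan data, as an added example. This is not the survey author's scanner code: the per-host record layout, the sample hosts and chains, the set of cipher names treated as insecure and the key-size to security-level mapping (taken from the NIST SP 800-57 equivalences: RSA 1024/2048/3072 = 80/112/128 bits, ECDSA = half the curve size, SHA-1 signatures = 80 bits) are all assumptions made for the illustration.

```python
"""Aggregate per-host TLS scan records into 'Supported / Only / Preferred'
counts, and compute the effective level of security (LoS) of a certificate
chain as its weakest key or signature.  Illustration only: the record format,
INSECURE_MARKERS and the strength tables are assumptions, not the survey's code.
"""
from collections import Counter

# Cipher-name fragments treated as insecure (export, NULL, anonymous, single DES,
# RC2).  Assumption: RC4 is counted separately, as in the survey tables.
INSECURE_MARKERS = ("EXP", "NULL", "ADH", "AECDH", "DES-CBC-", "RC2")

# Cipher family predicates keyed by the row names used in the tables.
FAMILIES = {
    "3DES": lambda c: "DES-CBC3" in c,
    "AES": lambda c: "AES" in c,
    "AES-GCM": lambda c: "AES" in c and "GCM" in c,
    "AES-CBC": lambda c: "AES" in c and "GCM" not in c,
    "CAMELLIA": lambda c: "CAMELLIA" in c,
    "CHACHA20": lambda c: "CHACHA20" in c,
    "RC4": lambda c: "RC4" in c,
}

def is_insecure(cipher):
    # Match a marker at the start of the name or as a later "-"-separated token.
    return any(cipher.startswith(m) or ("-" + m) in cipher for m in INSECURE_MARKERS)

def host_families(ciphers):
    return {f for c in ciphers for f, pred in FAMILIES.items() if pred(c)}

def aggregate(hosts):
    """hosts: list of {"host", "ciphers" (in the server's preference order),
    "server_order" (True if the server enforces its own order)}.
    Returns a Counter of table row name -> number of hosts."""
    stats = Counter()
    for h in hosts:
        ciphers = h["ciphers"]
        for f in host_families(ciphers):
            stats[f] += 1                                   # host supports family
            if all(FAMILIES[f](c) for c in ciphers):
                stats[f + " Only"] += 1                     # nothing else offered
        if h["server_order"]:
            # "Preferred": the family of the cipher the server picks when the
            # client offers everything, i.e. the first in the server's order.
            for f, pred in FAMILIES.items():
                if pred(ciphers[0]):
                    stats[f + " Preferred"] += 1
        if any(is_insecure(c) for c in ciphers):
            stats["Insecure"] += 1
        stats["Server side" if h["server_order"] else "Client side"] += 1
    return stats

def render(stats, total, title="Supported Ciphers"):
    """Format counts in the survey's text-table layout."""
    lines = ["%-25s %9s %8s" % (title, "Count", "Percent"),
             "-" * 25 + "+" + "-" * 9 + "+" + "-" * 8]
    for name in sorted(stats):
        lines.append("%-25s %9d %8.4f" % (name, stats[name], 100.0 * stats[name] / total))
    return "\n".join(lines)

# --- effective chain level of security --------------------------------------

HASH_LOS = {"md5": 64, "sha1": 80, "sha256": 128, "sha384": 192, "sha512": 256}

def key_los(kind, bits):
    """Security level in bits of a public key (assumed NIST SP 800-57 mapping)."""
    if kind == "RSA":
        for limit, los in ((2048, 80), (3072, 112), (7680, 128), (15360, 192)):
            if bits < limit:
                return los
        return 256
    if kind == "ECDSA":
        return min(bits // 2, 256)
    raise ValueError("unknown key type %r" % kind)

def chain_los(chain):
    """chain: list leaf..root of {"key": (kind, bits), "sig": hash}.  The root's
    self-signature is ignored (the root is trusted out of band, matching the
    'ex. root' signature table); every key, including the root's, still counts."""
    levels = []
    for i, cert in enumerate(chain):
        levels.append(key_los(*cert["key"]))
        if i < len(chain) - 1:
            levels.append(HASH_LOS[cert["sig"]])
    return min(levels)

# Constructed sample input, not data from the scan.
SAMPLE_HOSTS = [
    {"host": "a.example", "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"], "server_order": True},
    {"host": "b.example", "ciphers": ["RC4-SHA", "RC4-MD5", "AES256-SHA"], "server_order": True},
    {"host": "c.example", "ciphers": ["RC4-MD5"], "server_order": False},
    {"host": "d.example", "ciphers": ["DES-CBC3-SHA", "EXP-RC4-MD5", "AES128-SHA"], "server_order": True},
]
SAMPLE_CHAIN_SHA1_LEAF = [  # 2048-bit RSA everywhere, but a SHA-1 leaf signature
    {"key": ("RSA", 2048), "sig": "sha1"},
    {"key": ("RSA", 2048), "sig": "sha256"},
    {"key": ("RSA", 2048), "sig": "sha1"},
]

if __name__ == "__main__":
    print(render(aggregate(SAMPLE_HOSTS), len(SAMPLE_HOSTS)))
    print("effective LoS of SHA-1 leaf chain:", chain_los(SAMPLE_CHAIN_SHA1_LEAF))
```

The "Only" rows are what make a table like this actionable: a host that merely supports RC4 loses nothing when clients stop offering it, whereas an "RC4 Only" host breaks outright. Likewise the LoS computation shows why a SHA-1 leaf signature or a 1024-bit intermediate drags a chain of 2048-bit keys down to 80 bits.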
Breakpoint 2015 Call For Presentations
by cfp@ruxcon.org.au
Breakpoint 2015 Call For Papers
Melbourne, Australia, October 22nd-23rd
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
We are pleased to announce Call For Presentations for Breakpoint 2015.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to complement and lead into
the larger and more casual Ruxcon weekend conference. Breakpoint caters
towards security researchers and industry professionals alike, with a focus on
cutting edge security research.
Breakpoint presents a great opportunity for our selected speakers to receive a
complimentary trip to Australia and experience both the Breakpoint and Ruxcon
conferences, not to mention the great weather, parties, and friendly people.
.[x]. Important Dates .[x].
May 15 - Call For Presentations Open
August 30 - Call For Presentations Close
October 19-21 - Breakpoint Training
October 22-23 - Breakpoint Conference
October 24-25 - Ruxcon Conference
.[x]. Topic Scope .[x].
Topics of interest include, but are not limited to:
o Mobile Device Security
o Exploitation Techniques
o Reverse Engineering
o Vulnerability Discovery
o Rootkit Development
o Malware Analysis
o Code Analysis
o Virtualisation, Hypervisor Security
o Cloud Security
o Embedded Device Security
o Hardware Security
o Telecommunications Security
o Wireless Network Security
o Web Application Security
o Law Enforcement Activities
o Forensics
o Threat Intelligence
o Incident Response
.[x]. Submission Guidelines .[x].
In order for us to process your submission we will require the following
information:
1. Presentation title
2. Detailed summary of your presentation material
3. Name/Nickname
4. Mobile phone number
5. Brief personal biography
6. Description of any demonstrations involved in presentation
7. Information on where the presentation material has or will be presented
before Breakpoint
* Preference will be given to presentations that contain original research
that will be first presented at Breakpoint.
* As a general guideline, Breakpoint presentations are between
45 and 60 minutes, including question time.
If you have any questions about submissions, or would like to make a
submission, please send an email to bpx(a)ruxconbreakpoint.com
.[x]. Speaker Benefits .[x].
Speakers at Breakpoint will be entitled to the following benefits:
- A return economy airfare to Melbourne (total cost limit applies)
- Three nights accommodation at the Intercontinental Rialto
- Complimentary registration for Breakpoint and Ruxcon conferences
- Invitation to all Breakpoint and Ruxcon parties
- Unlock 'Presented on world's smallest continent' achievement
* All speaker benefits apply to a single speaker per submission.
.[x]. Contact .[x].
If you have any questions or inquiries, contact us at:
* Email: bpx(a)ruxconbreakpoint.com
* Twitter: ruxconbpx