Thycotic will be closed Thursday and Friday, Nov. 26th and 27th for the Thanksgiving holiday. More info »

  • 15 OCT 14

POODLE: Not your typical walk in the park

Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping, and that the data has not been tampered. SSLv3 is an old version of the SSL protocol, dating back to 1996 and debuted with Netscape

  • 09 SEP 14

Infamous Heartbleed Bug Responsible for Over 4.5 Million Patient Records Leaked

Heartbleed continues to haunt the organizations as patch efforts remain ignored. In April we notified our customers that our solutions remained unaffected, but unfortunately for millions that was not the case. Over six months later a data breach at Community Health Systems is the result of the infamous Heartbleed vulnerability that several versions of OpenSSL

  • 05 JUN 14

SSL: Beyond the Basics Part 4: Strict Transport Security

In our previous post, we discussed SSL certificates and new cryptographic functionality that can be used with modern SSL certificates. Next, we are going to look at how to make sure SSL is always used for web clients in a browser. SSL doesn’t do much for securing browsers if it isn’t used, which is why

  • 22 MAY 14

SSL: Beyond the Basics Part 3: Certificates

In our previous post, we discussed configuring TLS cipher suites to maximize security by preferring newer, more secure ciphers and removing older ones where possible. For this post, we will take a closer look at different types of certificates that are used in HTTPS. The certificate is responsible for several different things when securing a

  • 16 MAY 14

SSL: Beyond the Basics Part 2: Ciphers

In our previous post, we discussed the different protocols for SSL and TLS, and how we can improve security by disabling older, less secure protocols and enabling newer, more secure ones. Today, we will talk about ciphers, which is one of the key pieces to making these protocols work. Here’s a quick refresher from last

  • 08 MAY 14

SSL: Beyond the Basics

Part 1: Protocol Selection Here at Thycotic we have a wide range of recommended security best practices for our customers, and one of the first things we recommend is setting up SSL, or Secure Socket Layer, for Secret Server. Setting up SSL is fairly trivial once an SSL certificate is obtained. Once it’s set up,