Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Are you ready for June 30th's PCI deadline? Say hello to TLS v 1.2
Concerto Cloud Services ^ | 04.16.2018 | Bill Davison

Posted on 05/29/2018 6:48:37 AM PDT by Texas Fossil

The PCI Security Standards Council, the body governing credit card transactions, has set a deadline for disabling early versions of TLS/SSL to June 30, 2018. What are these technologies? TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are fundamental to internet transport security. Early versions are still fairly common in older infrastructure. Not updating to the newer versions by the deadline could cause your organization to incur a major fee and potentially halt taking credit card transactions. 

Why is the TLS update critical? 

Let’s take a step back and lay some groundwork. TLS and its predecessor SSL are a set of protocols used to provide secure communications over the internet between one device and another. It is the “S” in HTTPS. Each revision defined a set of cryptographically secure methods to establish and maintain communication. New versions were released as issues with the previous versions were found. Older versions have become less secure as computers have become faster and can break the encryption more efficiently. 

What does the TLS mandate require? 

The current version TLS 1.2 was published 10 years ago, and TLS 1.3 was recently published and should become an official standard later this year. The PCI Council set a deadline of June 30, 2018, to remove or mitigate all older versions of TLS and all versions of SSL. They currently allow higher security settings of TLS 1.1 and TLS 1.2, with heavy emphasis on updating to TLS 1.2. 

New systems have been required for some time to use the updated versions, but older and existing systems were granted an extension, which expires on June 30. This is the deadline that is looming for many organizations. The requirements also include internal communication between two servers, not only external communication directly to clients.

(Excerpt) Read more at concertocloud.com ...


TOPICS: Government; News/Current Events; Technical
KEYWORDS: computer; deadline; security; update
Navigation: use the links below to view more comments.
first 1-2021-27 next last
I've been running into sites that are telling my that my browser is not current. And something vague about June 30th, 2018.

It looks like it is time for me to do a new install on my Linux PC. I've not been able to do updates on the installed package for a while, so I guess it is time

The methods used for financial transaction on the web evidently are not that secure any more. New exploits have made updates in the Transport Level components of secured log-in's.

If anyone reading this has a simple explanation of the issue please explain it.

1 posted on 05/29/2018 6:48:37 AM PDT by Texas Fossil
[ Post Reply | Private Reply | View Replies]

To: Texas Fossil

Upgrade:

Old bugs taken out. New bugs put in..........................


2 posted on 05/29/2018 6:53:03 AM PDT by Red Badger (Remember all the great work Obama did for the black community?.............. Me neither.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Texas Fossil

Bet the new security measures have already been hacked.


3 posted on 05/29/2018 6:55:19 AM PDT by bgill (CDC site, "We don't know how people are infected with Ebola.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: bgill

possibly


4 posted on 05/29/2018 7:21:42 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 3 | View Replies]

To: Red Badger

I suspect that is true.


5 posted on 05/29/2018 7:22:09 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 2 | View Replies]

To: Texas Fossil

Just stop accepting Credit Cards, why would anyone pay a banker a fee just to get paid in the first place??

Credit Card theft and Identity theft are the same as pregnancy and AIDS, Abstinence works EVERY TIME it is tried.


6 posted on 05/29/2018 7:28:05 AM PDT by eyeamok
[ Post Reply | Private Reply | To 1 | View Replies]

To: Texas Fossil

The real reason?

The Treasury Department needs better security.........................in tracking your purchases.....................


7 posted on 05/29/2018 7:39:09 AM PDT by Red Badger (Remember all the great work Obama did for the black community?.............. Me neither.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Texas Fossil

yeah, i’m gonna fire my wireshark right up and analyze raw packets ... not a helpful article at all ... here’s an easier way:

In Internet Explorer, goto “Internet Options” => Advanced Settings => “Security” and disable all security protocols except TLS 1.2, and then see which https sites break (including your own if you have one) ...


8 posted on 05/29/2018 7:40:38 AM PDT by catnipman ((Cat Nipman: Vote Republican in 2012 and only be called racist one more time!))
[ Post Reply | Private Reply | To 1 | View Replies]

To: catnipman

I do not run Windows.

I do have Wireshark on my computer.


9 posted on 05/29/2018 7:42:08 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 8 | View Replies]

To: Red Badger

Well, that is exactly what I was expecting. Very likely the “real” reason for it.


10 posted on 05/29/2018 7:43:18 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 7 | View Replies]

To: eyeamok

Yes. agree.

But I don’t have a business that is related in any form to the internet.

This only affects me as far as personal security matters on the web.

I receive no funds via credit cards.

This is more than just for financial transactions. It does affect being tracked on the web.


11 posted on 05/29/2018 7:45:54 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 6 | View Replies]

To: Texas Fossil

There are plenty of enterprise devices that had 56 bit encryption built into the system. For some of these (e.g. certain older SANs) you either have to use an old browser, or wheel a crash cart and plug directly into the serial port. Major pain.


12 posted on 05/29/2018 7:49:15 AM PDT by Dr. Sivana (There is no salvation in politics.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Texas Fossil

“I do not run Windows.”

same thing can be done with firefox, but more complicated for average computer user to make the settings changes ...


13 posted on 05/29/2018 8:06:05 AM PDT by catnipman ((Cat Nipman: Vote Republican in 2012 and only be called racist one more time!))
[ Post Reply | Private Reply | To 9 | View Replies]

To: eyeamok

“Just stop accepting Credit Cards, why would anyone pay a banker a fee just to get paid in the first place?? “

HMMMM


14 posted on 05/29/2018 8:11:13 AM PDT by TexasGator (Z1)
[ Post Reply | Private Reply | To 6 | View Replies]

To: catnipman

Firefox can run in Windows but Windows cannot run in firefox


15 posted on 05/29/2018 8:13:25 AM PDT by TexasGator (Z1)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Texas Fossil

We’ve spent a huge amount of time at the company I work for remediating TLS.


16 posted on 05/29/2018 8:15:22 AM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

Thank you. I think there is legal liability for companies that do business on the web concerning this. That is probably why it is happening.

I have no ideal how risky for an individual it is. This deadline date was know long ago. So it is not driven by recent threats.

My solution may be a clean install of a new Linux distribution. One that is out of the box very secure.

I hate backingup for the clean install, but my current distribution has ceased to be something that can be updated.


17 posted on 05/29/2018 9:18:10 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 16 | View Replies]

To: catnipman

I can make the settings changes in Firefox. The sites that have notified me of this assume my version is dated. It is not that old. But I think it has to do with TLS in the install. I’ve never used SSL with it, only TLS.


18 posted on 05/29/2018 9:20:09 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 13 | View Replies]

To: Dr. Sivana

thanks.

hee hee hee


19 posted on 05/29/2018 9:21:08 AM PDT by Texas Fossil ((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
[ Post Reply | Private Reply | To 12 | View Replies]

To: Texas Fossil
How do you do backups? I use 'backintime', which uses rsync to an external drive. I have it backup /home, /etc, and /var/www. That gets everything important. When I build a new box from scratch, I just restore /home and /var/www. I backup /etc as a reference. It's not entirely safe to restore that.

It takes an hour to build the box. A bit longer than that to do the initial load of updates, then do the restore overnight whilst I sleep. Next morning, I have a box ready to go. (minus some support programs that I discover I'm missing as time goes by and I re-add them.

Someday, I'm actually going to be smart and keep an accurate list of the other packages I install over time. Never have been able to really manage that because I'm lazy.

BTW, using backintime makes it really easy to make a backup for offsite storage. I hook up the external drive for offsite backup, umount /backup, then mount the drive to /backup. Since I run a full backup every night, the next morning I'll umount /backup, mount the original /backup device, and I'm ready to go.

20 posted on 05/29/2018 9:36:10 AM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 17 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-27 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson