Filtered By Category: security

Note: Archived Content

This is the archived version of the Zoompf blog. Since our acquisition by Rigor, all our new research and posts on web performance are being published on The Rigor Blog

SSL Performance Diary #4: Optimizing the TLS Handshake

In our prior SSL Performance Diary post, Optimizing Data Encryption, we mentioned there are 2 areas of TLS that can harbor performance problems: Encrypting the data. Data sent back and forth between visiting web browsers and your web server must be encrypted and decrypted. If not configured properly, your page load times can become much […]

Read More

Explaining the CRIME weakness in SPDY and SSL

There is an interesting new security weakness discovered in SPDY and SSL/TLS that allows attackers to decrypt the session cookies for other websites. This weakness, known as CRIME, was discovered by Juliano Rizzo and Thai Duong. They will present their full findings at the Ekoparty Security Conference in Buenos Aires later this month. Since SPDY […]

Read More

Hacking Stoyan and the Importance of Web Security

(I found a security vulnerability in some code that Stoyan recently released. I worked with Stoyan to resolve the issue. Nothing in this post still works. Usually stuff like this happens all the time and is never made public. Stoyan has very graciously allowed me to discuss the issue publicly so others can learn and […]

Read More