Security update

Home > Blog > Security update

We would like to inform you about technical changes that took place which increase the security of Formdesk.

Last week, the Formdesk domains moved to a DNS server from TransIP. This move enabled us to use certain facilities that are not offered by many DNS servers. The first 2 paragraphs below relate to this.

DNSSEC

DNSSEC is a cryptographic security that adds an additional layer of protection to the existing DNS protocol. The Domain Name System (DNS) manage the translation of domain names to IP addresses. For example, your computer (the client) must consult a name server for the address www.formdesk.com before contacting the web server at the IP address 62.204.92.157. But e-mail also uses this system.

DNSSEC is a cryptographic security for the DNS protocol. Clients receive the name-server address information provided with a digital signature. This will protect the integrity of the name server and the transfer of the DNS information. The profit of DNSSEC? If an attacker succeeds to change the DNS information on the way or at the client (DNS spoofing), the internet user can be lead to an identical but false web server. That way, confidential information can be stolen. DNSSEC protects the name server and transport of the DNS information.

DNS CAA

A Certificate Authority Authorization record, or a CAA DNS record, can indicate which certificate issuers (Certificate Authorities) may issue certificates for the particular domain. A CA is deemed to verify a CAA record for the particular domain and is listed there when applying for a certificate. This prevents false or fraudulent certificates from being issued.

3DES cipher

SSL encryption (HTTPS) uses different encryption algorithms, so-called ciphers. The strongest encryption is chosen, limited by the client, older browsers and operating systems often not having strong encryption capabilities. A server offers a variety of ciphers in a cipher suite. At a certain moment a cipher is cracked and labeled as weak. Since recent this is the case for 3DES ciphers and therefore we removed the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher from the suite. As a result, no forms can be sent encrypted when using Windows XP in conjunction with Internet Explorer 8.

Share this page