Stories by Ellen Messmer

Google's plan for Chrome worries certificate authority vendors

Google intends to make changes in its Chrome browser later this year that would have Chrome display a warning on websites using certificates based on the secure hash algorithm, SHA-1. Google wants to do this to get websites migrating to the stronger SHA-2 algorithm for certificates, which is not as easy to break through raw computing power.

Ellen Messmer | 05 Sep | Read more

NIST issues Best Practices on how to best use Secure Shell software

The Secure Shell (SSH) protocol and software suite is used by millions of system administrators to log into application and service accounts on remote servers using authentication methods that include passwords, tokens, digital certificates and public keys. But when improperly managed, SSH keys can be used by attackers to penetrate the organization's IT infrastructure.

Ellen Messmer | 03 Sep | Read more

Can SDN usher in better IT security?

That software-defined networking (SDN) is a coming reality is starting to gain traction in IT security circles, with some vendors arguing it could lead to a level of interoperability in security largely missing at present.

Ellen Messmer | 30 Aug | Read more

Certificate Authority Security Council backs SSL server rules taking effect Nov. 1

As a safety precaution to prevent SSL server certificates being exploited for network man-in-the-middle attacks on organizations, vendors that issue SSL server certificates will begin adhering to new issuance guidelines as of Nov. 1. These new rules, as described by members of the industry group Certificate Authority/Browser Forum, mean certificate authorities (CAs) will not issue certificates that contain "internal names" and expire after Nov. 1, 2015.

Ellen Messmer | 16 Aug | Read more