Let’s Encrypt, Comodo blamed for issuing Apple, PayPal phishing SSL certificates
Phishers ramp up use of free digital certificates to trick victims into giving away their passwords.
Phishers ramp up use of free digital certificates to trick victims into giving away their passwords.
The US Government has warned organizations to take extra precautions when using TLS inspection software due to widespread problems with certificate validation.
Who better to verify that Google is Google than Google?
Google has started to roll out HTTP Strict Transport Security (HSTS) to prevent people from accidentally using the insecure version of Google's URLs.
Symantec needs to fully explain how it came to issue rogue digital certificates for Google domains or face the wrath of Google and a Chrome blockade.
Apple on Tuesday released its first security update for the Apple Watch, bringing Watch OS to 1.0.1 and fixing 14 security weaknesses.
Australians may be getting smarter about banking scams after new figures from Trend Micro saw the country fall out of list of the top 10 countries most affected by banking malware.
David Braue | 13 Aug | Read more
Microsoft has removed trust for digital certificates issued by an Indian government agency that exposed Windows users to man-in-the-middle attacks through fake Google and Yahoo domains.
The Internet was rocked this week by revelations that a critical vulnerability in OpenSSL has left Web traffic open to compromise for years. The Heartbleed bug has potentially serious security ramifications, and it's difficult--if not impossible--to know whether data has been exposed. In an effort to restore trust, and help organizations return to normal Web operations, Entrust is providing fresh certificates for customers at no cost.
Tony Bradley | 12 Apr | Read more
Education on the proper use of certificates is needed in the industry, analyst says
Antone Gonsalves | 15 Feb | Read more
Symantec today began offering multi-algorithm SSL certificates for Web servers that go beyond traditional crypto to include what's known as the Elliptic Curve Cryptography (ECC) Digital Signature Algorithm (DSA), which the firm says will be 10,000 times harder to break than an RSA-bit key. Certificates are used to prove site identity to the visitor through a validation check that involves the user's browser and the site certificate, and Symantec is making the argument that authentication will happen faster using this particular ECC algorithm.
Ellen Messmer | 13 Feb | Read more
Mozilla has revoked its trust for a Malaysian certificate authority that issued 22 Secure Sockets Layer certificates with 'weak keys', potentially making them available to spoof a legitimate website.
The world’s fifth largest issuer of SSL (secure sockets layer) certificates, Global Sign, has stopped issuing certificates following a claim that its systems were compromised.
The so-called Comodo Hacker has claimed credit for the breach of Dutch SSL (secure sockets layer) certificate authority DigiNotar, now known to be behind 531 forged certificates.
Besides the fraudulent security certificates Dutch authority DigiNotar issued for Google.com, more were made for Yahoo.com, Mozilla.org, torproject.org, wordpress.org and an Iranian blogging platform, Baladin, according to a Dutch report.