HackDig : Dig high-quality web security articles for hacker

Already on probation, Symantec issues more illegit HTTPS certificates

A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected w
Publish At:2017-01-21 11:20 | Read:4578 | Comments:0 | Tags:Law & Disorder Risk Assessment certificate authorities PKI P

800-pound Comodo tries to trademark upstart rival’s “Let’s Encrypt” name

Comodo, the world's biggest issuer of browser-trusted digital certificates for websites, has come under fire for registering trademarks containing the words "let's encrypt," a phrase that just happens to be the name of a nonprofit project that provides certificates for free. In a blog post, a Let's Encrypt senior official said Comodo has filed applications wi
Publish At:2016-06-24 20:05 | Read:2348 | Comments:0 | Tags:Law & Disorder Risk Assessment certificate authorities comod

HTTPS certificates with forbidden domains issued by “quite a few” CAs

Browser-trusted certificate authority (CA) Comodo said it mistakenly issued transport layer security credentials for "mailarchive," "help," and at least five other forbidden names and warned that "quite a number" of unnamed competitors have committed similar violations. The non-compliant certificates are forbidden under the baseline requirements enforced by t
Publish At:2015-11-09 18:35 | Read:3554 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab cabforum certi

Still fuming over HTTPS mishap, Google makes Symantec an offer it can’t refuse

Google has given Symantec an offer it can't refuse: give a thorough accounting of its ailing certificate authority process or risk having the world's most popular browser—Chrome—issue scary warnings when end users visit HTTPS-protected websites that use Symantec credentials. The ultimatum, made in a blog post published Wednesday afternoon, came five weeks aft
Publish At:2015-10-29 12:25 | Read:2627 | Comments:0 | Tags:Risk Assessment Technology Lab certificate authorities googl

Congress Looking Into Restricting Power of Government-Owned CAs

UPDATE–As the debate over potential government interference with encryption technologies rages in countries around the world, Congress is now going down a different path, asking technology companies whether it’s feasible and potentially effective for certificate authorities to restrict the way that government-owned CAs can issue certificates. M
Publish At:2015-06-10 23:55 | Read:1852 | Comments:0 | Tags:Apple Cryptography Government Web Security certificate autho

Google ‘Sunsetting’ Weak SHA-1 Crypto Algorithm

Google announced Friday it will begin the process of phasing out the obsolete SHA-1 cryptographic hash algorithm with the upcoming release of version 39 of the company’s Chrome browser in November. After the November release, Chrome will no longer fully trust sites whose certificate chains trust SHA-1 and extend beyond Jan. 1, 2017. Sites with SHA-1 cer
Publish At:2014-09-09 11:40 | Read:2410 | Comments:0 | Tags:Cryptography Web Security certificate authorities chrome Cry

Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted

When Firefox 32 shipped this week, Mozilla also officially ended its support of 1024-bit certificate authority certificates in its trusted store. While it still takes a considerable amount of resources to factor and crack a 1024-bit RSA key, important organizations such as NIST have been advising organizations to move to 2048-bit keys or higher going as far b
Publish At:2014-09-06 00:40 | Read:3578 | Comments:0 | Tags:Cryptography Web Security 1024-bit CA certificates 1024-bit

