Articles about certificates

User danger declines as two thirds of Chromistas now use HTTPS

Two in three web pages served over the world's favourite web browser Chrome are now secured with HTTPS, Google says. The good news applies to Chrome on the desktop and signifies progress in the long-hoped-for decline of insecure cleartext browsing. Chrome security bods Adrienne Porter Felt and Emily Schechter say all …
Darren Pauli, 7 Nov 2016

Google punts WoSign, StartCom from good guy certificate club

Google is set to jettison certificate authorities WoSign and StartCom next year in a move that shores up wider efforts to neuter the two companies. Mountain View's move follows public announcements by Mozilla and Apple that they would not trust the authorities' certificates after the pair incorrectly issued base …
Darren Pauli, 2 Nov 2016

Trend Micro: Internet scum grab Let's Encrypt certs to shield malware

Updated It was inevitable. Trend Micro says it has spotted crooks abusing the free Let's Encrypt certificate system to smuggle malware onto computers. The security biz's fraud bod Joseph Chen noticed the caper on December 21. Folks in Japan visited a website that served up malware over encrypted HTTPS using a Let's Encrypt-issued cert …

Speaking in Tech: Is Dell's EMC acquisition doomed, or just too big to fail?

Podcast Hosted by Greg Knieriemen, Ed Saipetch and Sarah Vela. This week, with Sarah still on her travels, Amy Lewis joins Eddie and Greg to talk Dell/EMC, storage stocks, the wild world of storage (featuring Pure and Nimble), and bad certificates. Our special guest this week is …
Team Register, 25 Nov 2015

Comodo kills 'forbidden' certs

Certificate authority Comodo has revoked a bunch of certificates issued by mistake, which included reserved IP addresses and internal server names. In announcing its discovery to the Certificate Authority and Browser Forum's (CA/B) mailing list, here, the CA's senior R&D scientist Rob Stradling wrote there are other non-Comodo …

Let's Encrypt announces browser integration

Let's Encrypt has announced that it's received cross-signatures from IdenTrust. The free-certificates-for-all venture, set up by researchers, the EFF, and a bunch of supporting vendors, says the cross-signatures mean the major browsers can now receive Let's Encrypt certificates without throwing an error. The cross-signatures …

Sites cling to a million flawed, fading SHA-1 certificates: Netcraft

British security bod Paul Mutton says scores of websites including big ticket companies like Deloitte are among a million outfits using outdated and vulnerable SHA-1-coded certificates which researchers have recently badged deceased. The hash function was this month busted by a crypto cadre with $US75,000 of cloud computing …
Darren Pauli, 20 Oct 2015

Vapourware no more: Let's Encrypt announces first cert dates

The Mozilla-backed Let's Encrypt effort is moving out of its vapourware phase, announcing general availability for September 2015 and an intention to issue its first certificate in the week of July 27. Launched last year by Mozilla, the Electronic Frontier Foundation (EFF) and Cisco, Let's Encrypt's aim is to create no-charge …

Mozilla piles on China's SSL cert overlord: We don't trust you either

Firefox-maker Mozilla has joined Google in refusing to recognize SSL certificates issued by the China Internet Network Information Centre (CNNIC). This comes after a security biz in Egypt used a CNNIC-issued intermediate certificate to create unauthorized SSL certs that could be used to trick people into connecting to bogus, …

Microsoft scrambles to kill Live.fi man-in-the-middle diddle

Microsoft is firing off updates to kill a fake certificate that can be used to create a convincing man-in-the-middle attack against its Live services. Certificate Authority Comodo has killed the bad cert, which it issued, and now Redmond is following suit by updating its revocation list for Windows platforms. "Microsoft is …
Darren Pauli, 17 Mar 2015

BitDefender bit trip slaps 'valid' on revoked certs

Bitdefender is set to fix a security flaw in its products that meant revoked certificates for potentially malicious sites could be replaced with legitimate ones. The problem, which the security vendor considered a low-level threat, arose when revoked certificates were replaced with a BitDefender certificate for the purpose of …
Darren Pauli, 1 Mar 2015

Sysadmins disposed of Heartbleed certs, but forgot to flush

Sysadmins' need for sleep and attempts to stop working at weekends have slowed down the response to Heartbleed, according to University of Maryland researchers – but more seriously, it's possible that a bunch of half-fixed websites retain some vulnerability to the bug. The problem, the researchers told the 2014 Internet …

FACEPALM! HP cert used to sign malware

HP accidentally signed some malware, according to Krebs on Security. Krebs reports that the certificate was “used to cryptographically sign software components that ship with many of its older products”, mostly for PC software, but that back in 2010 it was also used to sign some malware. HP will therefore revoke the …
Simon Sharwood, 12 Oct 2014

Mozilla certification revocation: 107,000 websites sunk by untrusted torpedo

Over 107,000 websites have been consigned to the depths of the untrusted internet after Mozilla's move last week to allow its 1024-bit certificates to expire. The latest shipment of Firefox 32 improved security by killing support for the 1024-bit certificate authority (CA) certificates within the browser's trusted store. …
Darren Pauli, 8 Sep 2014

Only '3% of web servers in top corps' fully fixed after Heartbleed snafu

A study of the public-facing web servers run by some of the world's largest firms has suggested only three per cent of the machines have been fully protected against the OpenSSL vulnerability known as Heartbleed. The research, carried out by security specialists at Venafi Labs, examined 550,000 servers belonging to 1,639 …
Iain Thomson, 29 Jul 2014

Browser makers rush to block fake Google.com security cert

Google and other browser vendors have taken steps to block an unauthorized digital certificate for the "*.google.com" domain that fraudsters could have used to impersonate the search giant's online services. According to a blog post by software engineer Adam Langley, Google's Chrome team first discovered a site using the …

New hack on Comodo reseller exposes private data

Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, the servers of a separate registration authority were hacked by attackers …
Dan Goodin, 24 May 2011

Another 0.03% of Blighty goes wind powered

The largest onshore windfarm in Europe goes fully on line today, and a massive offshore scheme in the Thames Estuary will now move ahead. But experts have warned that many hundreds more such projects will be required - at massive cost to electricity users - if the UK is to shake its dependence on fossil fuels. The onshore …
Lewis Page, 20 May 2009


Biting the hand that feeds IT © 1998–2017