Articles about secure sockets layer

The Register breaking news

Did Google certificate forgers hit hundreds more sites?

The hack attack that minted a fraudulent authentication credential for Google.com may have affected hundreds of other websites, a review of source code for Google's Chromium browser suggests. A side-by-side review comparing code contained in an upcoming version of Chrome increased the number of secure sockets layer certificates …
Dan Goodin, 30 Aug 2011
The Register breaking news

World ostracizes firm that issued bogus Google credential

A counterfeit credential authenticating Gmail and other sensitive Google services was the result of a network intrusion suffered by DigiNotar, the parent company of the Netherlands-based certificate authority said in a press release that raised disturbing new questions about security on the internet. Tuesday's disclosure by …
Dan Goodin, 30 Aug 2011
The Register breaking news

Fraudulent Google credential found in the wild

Security researchers have discovered a counterfeit web certificate for Google.com circulating on the internet that gives attackers the encryption keys needed to impersonate Gmail and virtually every other digitally signed Google property. The forged certificate was issued on July 10 to digitally sign Google pages protected by …
Dan Goodin, 29 Aug 2011
The Register breaking news

Web authentication authority suffers security breach

Yet another web authentication authority has been attacked by hackers intent on minting counterfeit certificates that would allow them to spoof the authenticated pages of high-profile sites. Israel-based StartCom, which operates StartSSL, suffered a security breach that occurred last Wednesday, the company said in a tersely …
Dan Goodin, 21 Jun 2011
The Register breaking news

Android app brings cookie stealing to unwashed masses

A developer has released an app for Android handsets that brings website credential stealing over smartphones into the script kiddie realm. FaceNiff, as the Android app is called, can be used to steal unencrypted cookies on most Wi-Fi networks, giving users a point-and-click interface for stealing sensitive authentication …
Dan Goodin, 3 Jun 2011
The Register breaking news

New hack on Comodo reseller exposes private data

Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, the servers of a separate registration authority were hacked by attackers …
Dan Goodin, 24 May 2011
The Register breaking news

How is SSL hopelessly broken? Let us count the ways

Analysis Every year or so, a crisis or three exposes deep fractures in the system that's supposed to serve as the internet's foundation of trust. In 2008, it was the devastating weakness in SSL, or secure sockets layer, certificates issued by a subsidiary of VeriSign. The following year, it was the minting of a PayPal credential that …
Dan Goodin, 11 Apr 2011
The Register breaking news

Browser add-on updated to slaughter Firesheep

The Electronic Frontier Foundation has updated its popular web browser security tool to guard against attacks waged by the Firesheep script-kiddie snoop kit. HTTPS Everywhere 0.9.0 has been updated to force websites such as Facebook and Twitter to activate a secure flag in cookies used to authenticate users on those websites, …
Dan Goodin, 23 Nov 2010
The Register breaking news

Firefox extension detects FireSheep snoop software

Researchers from security firm Zscaler have published free software that detects when users' web connections are being monitored by a controversial tool that steals log-in credentials from Facebook, Google and dozens of other websites. Dubbed BlackSheep, the Firefox extension alerts users when computers on a local area network …
Dan Goodin, 8 Nov 2010
The Register breaking news

Hacker pokes new hole in secure sockets layer

Website encryption has sustained another body blow, this time by an independent hacker who demonstrated a tool that can steal sensitive information by tricking users into believing they're visiting protected sites when in fact they're not. Unveiled Wednesday at the Black Hat security conference in Washington, SSLstrip works on …
Dan Goodin, 19 Feb 2009

Create a news alert about secure sockets layer, or find more stories about secure sockets layer.

Biting the hand that feeds IT © 1998–2017