Articles about ssl

UK.gov law resources now untrustworthy, according to browsers

The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk. The site can still be accessed if users click through their browser's warnings, and contains resources on courts, procedure rules and offenders. It is …

Oops: LinkedIn country subdomains SSL cert just expired

Updated LinkedIn's country subdomain SSL certificate has expired – apparently as of about noon GMT today. According to the sslscan certificate testing tool, us.linkedin.com and all its altnames were no longer valid at the time of publication. The certificate issuer is DigiCert SHA2 Secure Server CA. The certificate for the naked …
Andrew Silver, 30 Nov 2017

Mozilla devs discuss ditching Dutch CA, because cryptowars

Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list. The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries …

Scotiabank internet whizzkids screw up their HTTPS security certs

The team behind Scotiabank's Digital Banking Unit isn't impressing some customers, after forgetting to renew the security certificates for their own website. The DBU was set up last year to sell "world class digital solutions" to electronic banking customers around the world. But Jason Coulls, CTO of food safety testing …
Iain Thomson, 8 Sep 2017

ARM’s embedded TLS library fixes man-in-the-middle fiddle

ARM's "mbed TLS" software can be tricked into an authentication bypass and needs a patch. Created by PolarSSL, which was acquired in February by ARM, mbed is a crypto library designed to make it easy for embedded system developers to add SSL/TLS capabilities to their products. As well as client-server models (that is, an …

123-reg resolves secure database access snafu

UK-based hosting and domains provider firm 123-reg has fixed an issue that meant access to some customers' databases ran over an unsecured link, creating a privacy risk in the process. A reader and 123-reg hosting customer got in touch over the issue after failing to get action directly from the hosting firm over the problem, …
John Leyden, 28 Jun 2017

Apple finally teaches Android music app to validate certificates

If you're so much an Apple fan that you run Apple Music on Android devices, there's an upgrade to patch against a man-in-the-middle vulnerability. Eight months ago, Canadian security researcher David Coomber discovered that Apple Music for Android 1.2.1 and older doesn't validate the SSL certificates presented when logging …

Are you undermining your web security by checking on it with the wrong tools?

Your antivirus and network protection efforts may actually be undermining network security, a new paper and subsequent US-CERT advisory have warned. The issue comes with the use of HTTPS interception middleboxes and network monitoring products. They are extremely common and are used to check that nothing untoward is going on …
Kieren McCarthy, 17 Mar 2017

One IP address, multiple SSL sites? Beating the great IPv4 squeeze

We're fresh out of IPv4 addresses. Getting hold of a subnet from your average ISP for hosting purposes is increasingly difficult and expensive; even the public cloud providers are getting stingy. While we wait for IPv6 to become usable, there are ways to stretch out the IPv4 space. There are several big problems with IPv6 that …
Trevor Pott, 1 Mar 2017

What do you give a bear that wants to fork SSL? Whatever it wants!

Into a world already crowded with big name alternatives to OpenSSL, an indy project could look like “yet another SSL implementation,” but Vulture South suspects there are good reasons to take a close look at the just-launched BearSSL. One is that its author, Thomas Pornin, has ignored the kinds of legacy protocols that occupy …

User danger declines as two thirds of Chromistas now use HTTPS

Two in three web pages served over the world's favourite web browser Chrome are now secured with HTTPS, Google says. The good news applies to Chrome on the desktop and signifies progress in the long-hoped-for decline of insecure cleartext browsing. Chrome security bods Adrienne Porter Felt and Emily Schechter say all …
Darren Pauli, 7 Nov 2016

GlobalSign screw-up cancels top websites' HTTPS certificates

Final update GlobalSign's efforts as a root certificate authority have gone TITSUP this afternoon – that's a total inability to support usual protocols. The result is that many websites big and small have had their HTTPS certificates incorrectly scrapped, meaning that for some people their browsers no longer trust websites and refuse or …

Intel's Crosswalk open source dev library has serious SSL bug

Developers using Intel's Crosswalk SSL library: it's time to patch and push out an upgrade. Crosswalk is a cross-platform library that supports deployment to Android, iOS and Windows Phone, but the bug is Android-specific. The library has a bug in how it handles SSL errors, and as a result, end users on Android could be …

WordPress pushes free default SSL for hosted sites

WordPress has deployed HTTPS for its hosted sites*, in what is a huge security boon for users. April statistics by W3techs found 26.3 percent of all content management systems run WordPress. Systems engineer Barry Abrahamson from WordPress' parent company Automattic says the roll out will be transparent and administrators …
Darren Pauli, 11 Apr 2016

Security industry too busy improving security to do security right

The Payment Card Industry Security Standards Council (PCI SSC) has decided to delay the deadline for mandatory migration from Secure Sockets Layer (SSL) to Transport Layer Security (TLS). Earlier this year, the council decided the time to make the final cutover was June 2016. Now the council says it's just too hard for …
Simon Sharwood, 21 Dec 2015

No root for you! Google slams door on Symantec certs

The four-month row between Google and Symantec over SSL certificate issuing has just gone nuclear, with the Chocolate Factory making good on its threats and beginning a blockade. "Over the course of the coming weeks, Google will be moving to distrust the 'Class 3 Public Primary CA' root certificate operated by Symantec …
Iain Thomson, 11 Dec 2015

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog

How-to The Let's Encrypt project has opened to the public, allowing anyone to obtain free TLS certificates and set up HTTPS websites in a few simple steps. It's a major leap forward in encrypting the world's web traffic, keeping people's information and browser histories out of the hands of eavesdroppers and other miscreants. …

CloudFlare intros HTTP/2, so we can ‘spend holiday time with our family’

CloudFlare is introducing HTTP/2 support for all of its users, to be available on all SSL/TLS connections – while still supporting SPDY – so netizens can spend more time with their families instead of waiting for pages to load this Christmas. Talking to The Register on Tuesday night, CloudFlare CEO Matthew Prince explained the …
