Articles about ssl

No root for you! Google slams door on Symantec certs

The four-month row between Google and Symantec over SSL certificate issuing has just gone nuclear, with the Chocolate Factory making good on its threats and beginning a blockade. "Over the course of the coming weeks, Google will be moving to distrust the 'Class 3 Public Primary CA' root certificate operated by Symantec …
Iain Thomson, 11 Dec 2015

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog

How-to The Let's Encrypt project has opened to the public, allowing anyone to obtain free TLS certificates and set up HTTPS websites in a few simple steps. It's a major leap forward in encrypting the world's web traffic, keeping people's information and browser histories out of the hands of eavesdroppers and other miscreants. …

CloudFlare intros HTTP/2, so we can ‘spend holiday time with our family’

CloudFlare is introducing HTTP/2 support for all of its users, to be available on all SSL/TLS connections – while still supporting SPDY – so netizens can spend more time with their families instead of waiting for pages to load this Christmas. Talking to The Register on Tuesday night, CloudFlare CEO Matthew Prince explained the …

Fuming Google tears Symantec a new one over rogue SSL certs

Google has read the riot act to Symantec, scolding the security biz for its slapdash handling of highly sensitive SSL certificates. In September it emerged that Symantec's subsidiary Thawte generated a number of SSL certs for internal testing purposes. One of these certificates masqueraded as a legit cert for Google.com, …
Iain Thomson, 29 Oct 2015

Cobweb 'fesses up to failure to renew SSL certificate

Cloudy service provider Cobweb Solutions has 'fessed up to failing to renew its SSL certificate, leaving a number of its customers potentially exposed. The lack of a protocol for secure communication only came to light after one of Cobweb's customers got in touch to report the issue. Adrian Smith, security consultant, …
Kat Hall, 23 Oct 2015

O2 joins Virgin Media as member of weak crypto software club

It turns out that Virgin Media isn't the only telco still using the weak RC4 stream cipher on the more sensitive areas of its website. Step forward O2, which is also stuck on the broken SSL system. The mobile carrier, as spotted by Reg reader Stephen, still transfers customer bank details over the weak crypto algorithm. If …
Kelly Fiveash, 21 Oct 2015

Faked NatWest, Halifax bank sites score REAL security certs

UK banks Halifax and NatWest are among organisations targeted by fake sites that have won SSL certificates from certification authorities (CAs). Netcraft says certifiers who should know better – such as Symantec, Comodo, CloudFlare's certification partner GlobalSign and GoDaddy – have handed out certs to sites like …
Simon Sharwood, 13 Oct 2015

So how do Google's super-smart security folk protect their data?

It's a question that occurs to many of us: if digital security is such a minefield, how do you keep your personal data safe? One person who knows about the risks is Adam Langley. As a security engineer at Google, he makes key decisions about how your data is spread around the internet. He also has access to systems that would …
Kieren McCarthy, 24 Sep 2015

Symantec fires staff caught up in rogue Google SSL cert snafu

Symantec has fired some employees after Google engineers noticed rogue SSL certificates issued in the web goliath's name. Thawte, Symantec's certificate authority subsidiary, produced a small number of security certificates intended for internal testing. Worryingly, in the wrong hands, these certificates could have been used …
John Leyden, 21 Sep 2015

John McAfee launches cert authority but it's got a POODLE problem

Eccentric infosec man John McAfee is now the proprietor of a Certificate Authority named BlackCert. Fresh from a shootout friendly discussion with police over drug and firearm possession, the one-time anti-virus boss has made what is badged as a disruptive play into SSL. BlackCert will offer unlimited use of SSL certificates …
Darren Pauli, 13 Aug 2015

'Logjam' crypto bug could be how the NSA cracked VPNs

Updated A team led by Johns Hopkins crypto researcher Matthew Green* thinks they might have an explanation for how the NSA attacked VPN services: flaws in how TLS implements Diffie-Hellman cryptography. In what's bound to be the next big branded bug, Green says servers that support 512-key “export-grade” Diffie-Hellman (DH) can be …

IETF updates TLS/SSL best practice guidance

Do: start rolling TLS 1.3, support TLS 1.2, and DTLS 1.2. Don't: negotiate sessions using TLS 1, TLS 1.1, SSL 2 or SSL 3. Those are the Internet Engineering Task Force's latest recommendations, set out in RFC 7525, Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). …

Zuck'ed up: Facebook opens up free internet in India – but bans HTTPS

Facebook's Internet.org has loosened the stranglehold on its free internet service in India and other countries. Now potentially any website can be accessed for free via the service as long as the site ditches HTTPS, JavaScript, and other things. The social network offers free mobile internet access to people in India, …
Shaun Nichols, 4 May 2015

Instagram's HTTPS cert expires, millions of crap photographers panic

Instagram's SSL certificate has expired, showing the urine-filled-swimming-goggles-vision site's supposed commitment to security seems to have been a bit of a filter-job. Instagram first rolled out HTTPS in 2014 when a vulnerability was reported by InfoSec specialist Mazin Ahmed. Ahmed used Wireshark to capture unencrypted …

Man-in-the-Middle diddle hits 25,000 iOS apps

Some 25,000 iOS apps are exposed to man-in-the-middle attacks thanks to vulnerabilities in the popular AFNetworking library. The now-fixed Secure Sockets Layer (SSL) bug is the latest found in the library which has been patched three times since March. US firm SourceDNA says the flaw existed in code that was near a previous …
Darren Pauli, 28 Apr 2015

Web advertising giant (Google) to spew ads over web – using HTTPS

Google has vowed to serve ads over HTTPS from its massive advertising network. The move will make it easier for website owners to go fully SSL-protected, serving their webpages and ads over HTTPS rather than just the pages over HTTPS and mixing in ads over HTTP, which is insecure. It also means each ad and its link can't be …
Darren Pauli, 20 Apr 2015

Netflix's house of cards to be fortified with HTTPS appliance

Netflix will this year roll out HTTPS to keep customers' viewing habits secret. The streaming company's April earnings letter (PDF) says it will make the move because it "helps protect member privacy, particularly when the network is insecure, such as public wifi, and it helps protect members from eavesdropping by their ISP or …
Darren Pauli, 17 Apr 2015

Mozilla piles on China's SSL cert overlord: We don't trust you either

Firefox-maker Mozilla has joined Google in refusing to recognize SSL certificates issued by the China Internet Network Information Centre (CNNIC). This comes after a security biz in Egypt used a CNNIC-issued intermediate certificate to create unauthorized SSL certs that could be used to trick people into connecting to bogus, …

Biting the hand that feeds IT © 1998–2018