Articles about certificate

Certified and rejected stamps

Google to kill Symantec certs in Chrome 66, due in early 2018

Google has detailed its plan to deprecate Symantec-issued certificates in Chrome. The decision to end-of-life its trust for Symantec certificates was the outcome of a long tussle over dodgy certificates, which came to a head when certs for example.com and various permutations of test.com escaped into the wild. The absolute …
Judiciary.gov.uk's expired certificate snafu, as seen via Firefox

Google Chrome's HTTPS ban-hammer drops on WoSign, StartCom in two months

Update Google in two months will conclude its prolonged excommunication of misbehaving SSL/TLS certificate authorities WoSign and subsidiary StartCom, a punishment announced last October. Chrome security engineer Devon O'Brien, in a Google Groups post on Thursday, said Google last year began limiting its trust of certificates backed …
Two eggs hugging couple arranged in carton

Peace in our time! Symantec says it can end Google cert spat

Symantec is hoping to get its certificates back on Google's trust list. In March, an ongoing spat between the two companies came to a head. After a scandal in 2015 over three certs issued by Symantec subsidiary Thawte, the number grew to 23, then 164, then 2,458 within a month. Google decided in December 2015 to distrust the …
FACEPALM

Kaspersky fixing serious certificate slip

Updated Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted …

Second Dell backdoor root cert found

A second root certificate has been found in new Dell laptops days after the first backdoor was revealed. The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key. Dell has been …
Darren Pauli, 25 Nov 2015

Superfish 2.0 worsens: Dell's dodgy security certificate is an unkillable zombie

Updated The rogue root certificate in new Dell computers – a certificate that allows people to be spied on when banking and shopping online – will magically reinstall itself even when deleted. El Reg can confirm that the eDellRoot root CA cert, discovered over the weekend, automatically reappears when removed from the Windows …
Shaun Nichols, 23 Nov 2015
Facepalm

Apple's OS X App Store downloads knackered by expired security cert

A forgotten security certificate renewal appears to be behind a series of failed downloads from Apple's App Store. Overnight, users who downloaded Mac apps from the firm's online storefront found they couldn't open the software. The problem appears to be a software certificate – designed to thwart piracy and verify programs …
Iain Thomson, 12 Nov 2015

Hardwired crypto certificate FAIL bricks Juniper router kit

Sysadmins with older Juniper Networks kit have been left scrambling to keep their networks running after a security certificate expiration bricked their boxen. The issue has been keeping mailing lists like AusNOG and J-NSP busy as users tried to work out whether it was a deliberate strategy to force people off the EOL gear – …
The Register breaking news

Opera network cracked

Opera is giving users the standard upgrade advice after a successful attack on its network allowed evil-doers to copy a software-signing certificate. As a result, they would be able to craft malware that would authenticate as coming from Opera. In this blog post, Opera's Sigbjørn Vik explains that the software company …

Microsoft coughs up compensation for Azure cloud cock-up

Microsoft has vowed to compensate users of its Azure cloud after an expired SSL certificate took the service offline. Victims of the Blue Sky of Death, which lasted 12 hours, will get credits as per their service-level agreement (SLA), the Redmond giant confirmed on its website. Windows Azure was knocked offline globally …
The Register breaking news

Cyberoam pushes fix for SSL vuln

Deep packet inspection company Cyberoam has issued a hotfix to its devices, after earlier asserting that its technology “followed industry best practices for SSL bridging”. The issue emerged when Tor Project researchers asserted that Cyberoam devices used the same skeleton certificate on all of its devices. This, the …
The Register breaking news

Certificate stolen from Malaysian gov used to sign malware

Researchers have discovered malware circulating in the wild that uses a private signing certificate belonging to the Malaysian government to bypass warnings many operating systems and security software display when end users attempt to run untrusted applications. The stolen certificate belongs to the Malaysian Agricultural …
Dan Goodin, 14 Nov 2011
The Register breaking news

Brit censor stamps on The Human Centipede

The British Board of Film Classification (BBFC) has stamped firmly on the DVD sequel to low-budget movie The Human Centipede, refusing to certify the second installment of director Tom Six's horror series. The BBFC explains that 2010's The Human Centipede saw "a mad scientist stitch together three victims face-to-bottom" to …
Lester Haines, 7 Jun 2011
The Register breaking news

Lad passes gruelling 'getting on bus' test

A Bury lad waiting for his GCSE results was somewhat surprised to learn he'd passed exam board AQA's stringent 'Using Public Transport (Unit 1)' test, which honours those able to "walk to the local bus stop, stand or sit at a bus stop, wait for the arrival of a public bus and sit on the bus and observe through the windows". …
Lester Haines, 14 Aug 2009

Create a news alert about certificate, or find more stories about certificate.

Biting the hand that feeds IT © 1998–2017