Articles about digital certificate

Comodo database glitch causes billing problems

Updated While the rest of the world had its eyes firmly on the WannaCrypt outbreak, digital certificate firm Comodo suffered an unrelated but protracted database problem that affected its billing systems. The Register learned of the issue from reader Ian Barber who came across the problem in the process of getting a new SSL …
John Leyden, 19 May 2017
Man thumbs down, image via Shutterstock

Time's up for SHA-1 hash algo, but one in five websites still use it

One in five websites (21 per cent) are still using certificates signed with the vulnerable SHA-1 hash algorithm, according to a new survey. Reliance on the obsolete hashing technology leaves companies at greater risk of security breaches and compliance problems, certificate management firm Venafi warns. Venafi's latest study …
John Leyden, 8 Mar 2017
Let's Encrypt browser certificate

Let's Encrypt ups rate limits

Let's Encrypt has revised its rate limits to make life easier for large organisations and hosting providers who use its services. The certificate authority set up rate limits for cert creation as a defence against hacker interference and denial of service attacks. However the limitation created problems for internet service …
John Leyden, 18 Aug 2016

Crimestoppers finally revamps weak crypto. Take your time guys

UK crime tip-off service Crimestoppers has revamped its weak website crypto after months of running a system that relied upon obsolete protocols. Crimestoppers "secure" form was previously insecure – rating an “F” in tests using the industry standard SSL Labs service last month – chiefly because of the site’s use of the SSLv2 …
John Leyden, 20 Nov 2015

Symantec/GeoTrust revokes some SSL certificates for .pw TLD

Symantec-owned certificate authority GeoTrust has revoked some SSL certificates for a small number of (unspecified) .pw domains. Digital certificates for addresses using the top-level domain are still available from other providers. Symantec said it will continue to offer organisations extended validation certificates for the …
John Leyden, 11 Sep 2015

Feared OpenSSL vulnerability gets patched, forgery issue resolved

The promised patch against a high severity bug in Open SSL is out, resolving a certificate forgery risk in many implementations of the crypto protocol. Versions 1.0.1n and 1.0.2b of OpenSSL need fixing to resolve a bug that created a means for hackers to run crypto attacks that circumvent certificate warnings, as an advisory …
John Leyden, 9 Jul 2015

Spanish election site in security cert warning screwup snafu

Updated Website crypto problems on the Spanish online voting registration website are causing it to generate all manner of security warnings. Attempts to visit the sede.ine.gob.es site – run by Spain's National Statistics Institute and introduced this year for municipal/regional elections – typically lead to users being confronted …
John Leyden, 13 Apr 2015
Printed key

2016: Robo-butlers, flying cars, and Google's internet Terminators hunting SHA-1 SSL certs

Google Chrome will flag up websites with SHA-1 SSL certificates as insecure – and that's a huge policy change which ought to kick businesses into action, says an expert in digital certificates. Only 15 per cent of sites use SHA-256 certificates, the replacement for SHA-1, according to stats from SSL Pulse. This means plenty of …
John Leyden, 10 Sep 2014
The Register breaking news

Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE

Updated Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate. The Brazilian banking password-sniffer was signed with a valid digital certificate issued by DigiCert, MalwareBytes reports. DigiCert responded promptly to inquiries by El Reg to confirm it had a had pulled the offending …
John Leyden, 5 Feb 2013
The Register breaking news

Trustwave admits crafting SSL snooping certificate

Certificate Authority Trustwave has revoked a digital certificate that allowed one of its clients to issue valid certificates for any server, thereby allowing one of its customers to intercept their employees' private email communication. The skeleton-key CA certificate was supplied in a tamper-proof hardware security module ( …
John Leyden, 9 Feb 2012
The Register breaking news

DigiNotar goes titsup: Disgraced certificate firm is sunk

Disgraced digital certificate firm DigiNotar has filed for bankruptcy in The Netherlands. Hackers broke into DigiNotar's systems in June before creating forged digital certificates in the names of Google and other high-profile targets. The forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, …
John Leyden, 20 Sep 2011
The Register breaking news

Xbox Live billing site snubs Firefox

Customers visiting an Xbox Live billing site with Firefox are liable to get a false warning that Microsoft's digital certificate is "invalid". The certificate is fine and IE users are unaffected by the glitch, which represents the reappearance of an intermittent bug limited to gamers who use Mozilla's open source browser. Reg …
John Leyden, 3 Aug 2010
For Sale sign detail

Cert snafu leaves Office 2003 locked out of files

A cryptographic bug in Microsoft Office 2003 bug left enterprise users locked out of files. The snag involved files protected using Microsoft's Rights Management Service (RMS), a technology for controlling who can access or modify documents. The snafu - which left corporate users in the frustrating position of being unable to …
John Leyden, 14 Dec 2009
padlock

Gears of War grind to halt

A digital certificate that expired Wednesday ground Gears of War to a halt last week, leaving many unable to launch the original PC-version of the first person shooter until Epic Games works out a fix. The online cheat detection used in Gears relies on a Windows digital certificate that expired January 28, 2009. Gamers …
Austin Modine, 2 Feb 2009
The Register breaking news

CA issues no-questions asked Mozilla cert

Security researchers have uncovered weaknesses in low-assurance digital certificates that create a means for miscreants to mount more convincing man-in-the-middle (MITM) attacks. MITMs involve a hacker planting himself between two parties in a dialogue, relaying messages between them and effectively controlling the …
John Leyden, 29 Dec 2008
arrow pointing up

GlobalSign revokes cert of rogue security app

GlobalSign has revoked the digital certificate of a rogue security application, which acquired the veneer of respectability by parading the credentials while trying to scam users. Antivirus XP 2008, identified as malware by Sunbelt Software and other security firms, was digitally signed by Globalsign. Alerted by The Register …
John Leyden, 16 Aug 2008
The Register breaking news

How poor crypto housekeeping left OpenID open to abuse

Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be. OpenID is a shared identity service that enables users to eliminate the need for punters to create separate IDs and logins for websites that support the service. A growing number of around 9,000 websites support the …
John Leyden, 13 Aug 2008
channel

Comodo snags PSC anti-malware tech

Comodo is buying the technology assets of second-tier anti-malware firm Privacy Software Corporation. Financial details were not disclosed. Comodo, which is best known for its digital certificate business, plans to use PSC's technology to bolster its desktop security portfolio. It will also continue to market PSC's NSClean, IE …
John Leyden, 2 Apr 2007

Create a news alert about digital certificate, or find more stories about digital certificate.

Biting the hand that feeds IT © 1998–2017