Articles about secure sockets layer

The Register breaking news

Security mandates aim to shore up shattered SSL system

A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software. The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to …
Dan Goodin, 17 Dec 2011
The Register breaking news

Digital certificate authority suspends ops following breach

Websites belonging to a Netherlands-based issuer of digital certificates were unavailable following reports hackers penetrated their security and accessed databases that should have been off limits. Dutch telecommunications giant KPN issued a statement (translation here) that said it temporarily shut the website of it's Gemnet …
Dan Goodin, 8 Dec 2011
The Register breaking news

Google researchers propose fix for ailing SSL system

Security researchers from Google have proposed an overhaul to improve the security of the Secure Sockets Layer encryption protocol that millions of websites use to protect communications against eavesdropping and counterfeiting. The changes are designed to fix a structural flaw that allows any one of the more than 600 bodies …
Dan Goodin, 29 Nov 2011
The Register breaking news

Google mail crypto tweak makes eavesdropping harder

Google engineers have enhanced the encryption offered in Gmail, Google Docs, and other services to protect users against retroactive attacks that allow hackers to decrypt communications months or years after they were sent. The feature, a type of key-establishment protocol known as forward secrecy, ensures that each online …
Dan Goodin, 22 Nov 2011
The Register breaking news

SSL authority stops issuing certificates following breach

Yet another web authentication authority has stopped issuing secure sockets layer certificates after discovering a security breach that allowed hackers to store attack tools on one of its servers. Netherlands-based KPN Corporate Market said it was taking the action while it investigated the compromise, which may have taken …
Dan Goodin, 4 Nov 2011
The Register breaking news

Web credential authority rebuked for 'poor' security

Microsoft, Google, and Mozilla will banish yet another web authentication authority from their software after learning that it issued secure sockets layer certificates that could be used to attack people visiting Malaysian government websites. Digicert Malaysia, an intermediate certificate authority that was certified by parent …
Dan Goodin, 3 Nov 2011
The Register breaking news

(At least) 4 web authentication authorities breached since June

At least four web authentication authorities have reported being compromised in as many months, according to research from the Electronic Frontier Foundation that renews serious questions about a technology millions of websites rely on to remain secure. EFF Technology Projects Director Peter Eckersley compiled the data by …
Dan Goodin, 27 Oct 2011
The Register breaking news

Tool lets low-end PC crash much more powerful webserver

Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations. A German group known as The Hacker's Choice released the tool on Monday, in part to bring attention to what they said were a series of long-running …
Dan Goodin, 24 Oct 2011
The Register breaking news

Google adds default end-to-end encryption to search

Google is rolling out default end-to-end encryption to people who use the site to seek for images, news and general webpages, a change that will better protect search queries and results from eavesdroppers. The SSL, or secure sockets layer, service will be offered by default to users who are signed into their Google accounts, …
Dan Goodin, 19 Oct 2011
The Register breaking news

Qualys endorses alternative to crappy SSL system

San Francisco-based security firm Qualys is throwing its support behind an experimental project designed to improve the security and privacy of website authentication by reducing reliance on certificate authorities that issue secure sockets layer credentials. The Convergence project was devised by Moxie Marlinspike, a security …
Dan Goodin, 30 Sep 2011
The Register breaking news

World takes notice as SSL-chewing BEAST is unleashed

With the decrypting of a protected PayPal browser cookie at a security conference Friday, it became official: the internet's foundation of trust has suffered yet another serious fracture that will require the attention of the industry's best minds. Within hours of the demonstration by researchers Juliano Rizzo and Thai Duong, …
Dan Goodin, 27 Sep 2011
The Register breaking news

Experts suggest SSL changes to keep BEAST at bay

With just a few hours until researchers unveiled an attack they say decrypts sensitive web traffic protected by the ubiquitous secure sockets layer protocol, cryptographers described a simple way website operators can insulate themselves against the exploit. The recommendations published Friday by two-factor authentication …
Dan Goodin, 23 Sep 2011
The Register breaking news

Hackers break SSL encryption used by millions of sites

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser. The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the …
Dan Goodin, 19 Sep 2011
The Register breaking news

GlobalSign says 'isolated' webserver was hacked

Web authentication authority GlobalSign, which voluntarily suspended operations last week while it investigated claims its security was breached, said it has uncovered evidence that one of its servers has been compromised. "The breached web server has always been isolated from all other infrastructure and is used only to serve …
Dan Goodin, 12 Sep 2011
The Register breaking news

Apple finally purges Mac OS of disgraced DigiNotar certs

Apple has finally purged the imprimatur of disgraced web authentication authority DigiNotar from its Mac operating system. In an update released Friday, Apple removed multiple DigiNotar root certificates from the Lion and Snow Leopard versions of Mac OS X. The move came nine days after the discovery that the Netherlands-based …
Dan Goodin, 9 Sep 2011
The Register breaking news

Google: SSL alternative won't be added to Chrome

Still smarting from a counterfeit secure sockets layer certificate that threatened at least 300,000 of its users in Iran, Google has no plans to fortify its Chrome browser with an experimental technology that bypasses the current system for validating websites. In a blog post published Wednesday, Google security researcher Adam …
Dan Goodin, 8 Sep 2011
The Register breaking news

Dutch CA banished for life from Chrome, Firefox

The network breach in July that forged a near-perfect replica of a credential minted more than 200 other SSL certificates for more than 20 different domains, a top manager for Mozilla's Firefox browser said. In stern rebuke of substandard practices at Netherlands-based certificate authority DigiNotar, Director of …
Dan Goodin, 3 Sep 2011
The Register breaking news

Mozilla addons site targeted in same attack that hit Google

The secure webpage hosting addons for Mozilla Firefox was targeted in the same attack that minted a fraudulent authentication credential for Google websites, the maker of the open-source browser said. "DigiNotar informed us that they issued fraudulent certs for in July, and revoked them within a few days of …
Dan Goodin, 31 Aug 2011

Create a news alert about secure sockets layer, or find more stories about secure sockets layer.

Biting the hand that feeds IT © 1998–2018