In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available[...]
Browsing Category: Cryptography
Users of Mozilla products should update Firefox, NSS, SeaMonkey and Thunderbird in order to obtain fixes for a bug that could let an attacker forge RSA certificates and perform man-in-the-middle attacks.
Mozilla announced that it will begin phasing out support for SHA-1 certificates, and will no longer trust them after Jan. 1, 2017.
Despite research published last year that demonstrated that Apple has the ability to decrypt users iMessages if it so chooses, Apple CEO Tim Cook said that the company does not hold the encryption key for those messages and couldn’t even produce the plaintext in response to a government order.
Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant known as TorrentLocker and found that the creators made[...]
When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys. This is the first step in a process that Mozilla officials say[...]
Google has initiated a process to revoke trust from any certificates that rely on the outdated SHA-1crytpographic hash algorithm.
The OpenSSL Project yesterday for the first time made the OpenSSL security policy public.
Data compiled from Rapid7′s Project Sonar scan found 107,000 websites running 1024-bit CA certificates that will soon be untrusted as Mozilla announces it will no longer support the shorter, weaker keys.
Dennis Fisher talks with Gary McGraw of Cigital about the IEEE’s new Center for Secure Design program, the difficulty of defeating large classes of bugs and the collaborative effort it will take to solve the software security problem.