 SSL

Forensic incident response to the fore

Anthony Di Bello, product marketing manager, Guidance Software February 24, 2012

We've recently been witnessing a tremendous change in perspective when it comes to IT security, and the shroud of embarrassment associated with breaches has been lifting.
 

Security breaches impacting VeriSign emerge in filing

February 02, 2012

The company responsible for ensuring that users reach the website they intend to reach admitted in an SEC filing that its network was breached numerous times in 2010.
 

GlobalSign says web server, not CA systems, hit by breach

December 16, 2011

GlobalSign, which briefly halted operations in September out of concern that it was the latest SSL certificate authority hacked, has determined that its CA infrastructure was never compromised.
 

Podcast: Fixing the SSL certificate chain

November 30, 2011

In this podcast, Access' Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.
 

Cyber Monday to bring increase in online threats

November 23, 2011

Cyber Monday, the digital equivalent of the brick-and-mortar world's Black Friday, is one of the busiest online shopping days of the year, and typically marks the beginning of a month-long period of increased online threats.
 

Another Dutch certificate authority halts business

November 07, 2011

Netherlands-based KPN Corporate Market, a major telecommunications firm, has decided to exercise caution after uncovering a possible web server breach.
 

Amazon Kindle tablet routes web traffic to cloud first

Darren Pauli, SC Australia/New Zealand edition October 03, 2011

Amazon's Silk browser, used on the newly announced Kindle Fire tablet, has raised privacy concerns because it directs all traffic through its EC2 cloud service.
 

After breach, DigiNotar folds into voluntary bankruptcy

September 20, 2011

DigiNotar, the Dutch-based certificate authority that issued hundreds of counterfeit SSL certificates, is no more.
 

Dead certs?

David Harley, ESET senior research fellow • September 15, 2011

Are we seeing the decline and fall of SSL and the Certificate Authority model?
 

Apple revokes DigiNotar certs, Mozilla asks CAs to audit

September 09, 2011

Apple, Mozilla and Adobe are the latest technology companies to respond to the DigiNotar breach.
 

Possibly breached GlobalSign to bring services back Monday

September 08, 2011

Portsmouth, N.H.-based certificate authority (CA) GlobalSign plans to be back fully operating on Monday after temporarily suspending the issuance of SSL credentials due to claims from a hacker linked to attacks on Comodo and DigiNotar. In a Monday post to Pastebin, a hacker claimed responsibility for the major attack on DigiNotar and said he has access to four other CAs, including GlobalSign. "We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process," the company said in a news release. GlobalSign is still investigating the hacker's claims, but said it believes CAs are facing an "industry-wide" attack.
 

DigiNotar breach fallout widens as more details emerge

September 06, 2011

Browser manufacturers and the Dutch government are acting quickly to contain the breach at certificate authority DigiNotar. The incident, meanwhile, has prompted calls for a system overhaul.
 

DigiNotar said attack is to blame for certificate compromise

August 30, 2011

Like Comodo before it, the certificate authority DigiNotar said its infrastructure was breached, allowing adversaries to create fraudulent SSL certificates.
 

Iran may be behind yet another SSL certificate spoof

August 29, 2011

Researchers have confirmed that for the second time in less than six months, a provider of SSL certificates has issued a phony credential for Google.com.
 

Black Hat: Researcher releases tool for replacing certificate authorities

August 04, 2011

Well-known researcher Moxie Marlinspike proposed a solution to revamp the current trust-relationship model on the web, essentially turning the power over to the users.
 

Apple delivers updates related to Comodo, Pwn2Own

April 15, 2011

Apple released a number of security updates for Mac OS X, Safari and iOS.
 

Giving the cybercriminals a helping hand

Randy Abrams, director of technical education, Cyber Threat Analysis Center, ESET North America March 31, 2011

Most Facebook app developers are making session hijacking too easy for the cybercriminals.
 

Two more Comodo resellers "owned" in SSL hack

March 30, 2011

Comodo has confirmed that two additional registration authorities affiliated with the company also were compromised in a highly publicized SSL certificate fraud attack disclosed last week.
 

I am Comodo hacker, Iranian claims

March 28, 2011

A lone Iranian hacker claimed responsibility over the weekend for an attack on Comodo, a company that issues digital SSL certificates used by websites to validate their identity to visitors.
 

Experts weigh in on Comodo SSL certificate fraud

March 24, 2011

Reactions are running rampant after Comodo revealed it was tricked into issuing rogue digital certificates.
 

Iran behind certificate fraud, says SSL vendor

March 23, 2011

An advisory warned of nine fraudulent digital certificates issued by Comodo that could have been used to impersonate some of the world's highest-profile websites.
 

Facebook introduces secure browsing feature

January 26, 2011

Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.
 

Firefox 3.6.13 issued to fix 13 flaws, 11 "critical"

December 10, 2010

Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.
 

Facebook, Twitter fail latest security assessment

November 05, 2010

A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
 

Firefox add-on allows session hijacking of popular sites

October 26, 2010

A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.
 

The state of SSL on the web: Qualys' Ivan Ristic discusses the good and the bad

August 16, 2010

Ivan Ristic, director of engineering at Qualys, provides an overview of his Black Hat 2010 talk, in which he presented a plethora of research findings into the state of SSL on the internet. As Ristic notes, websites are succeeding in some areas and falling short in others when it comes to deployment of SSL encryption.
 

Black Hat 2010: Even with SSL/TLS, browsers still are susceptible to attack

July 29, 2010

Two researchers at the Black Hat conference in Las Vegas on Thursday exposed 24 ways hackers can hijack seemingly secure browser sessions.
 

VeriSign refutes competitor's vulnerability claim

June 23, 2010

VeriSign and rival Comodo are at odds over whether the process by which users can access VeriSign SSL customer accounts constitutes a vulnerability.
 

Google unveils encrypted search option

May 21, 2010

Google on Friday announced that it has rolled out a new privacy and security option for users to run encrypted searches. The new service, available at https://www.google.com, utilizes https encryption, commonly used to protect banking and e-commerce sites, to create a secure connection between a user's browser and Google throughout their entire search session. The secure channel will help protect search terms and results pages from being intercepted by a third party, Google said. The service, currently in beta, includes a modified Google logo to indicate SSL encryption is being used. — AM
 

Symantec inks $1.28 billion deal to buy part of VeriSign

May 19, 2010

Hours after rumors began circulating about an impending mega-deal, Symantec on Thursday afternoon announced it has acquired the identity and authentication business of VeriSign for $1.28 billion.