SSL News, Articles and Updates

Google implements HTTPS signal into search engine algorithm


Websites using HTTPS will be given higher priority in searches.

Why doesn't your VPN work on the road?


Connecting to a host of different networks across the country could result in potential security vulnerabilities, but closing security loopholes too often results in slow or blocked connections.

Forensic incident response to the fore

We've recently been witnessing a tremendous change in perspective when it comes to IT security, and the shroud of embarrassment associated with breaches has been lifting.

Security breaches impacting VeriSign emerge in filing


The company responsible for ensuring that users reach the website they intend to reach admitted in an SEC filing that its network was breached numerous times in 2010.

GlobalSign says web server, not CA systems, hit by breach


GlobalSign, which briefly halted operations in September out of concern that it was the latest SSL certificate authority hacked, has determined that its CA infrastructure was never compromised.

Podcast: Fixing the SSL certificate chain


In this podcast, Access' Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.

Cyber Monday to bring increase in online threats


Cyber Monday, the digital equivalent of the brick-and-mortar world's Black Friday, is one of the busiest online shopping days of the year, and typically marks the beginning of a month-long period of increased online threats.

Another Dutch certificate authority halts business


Netherlands-based KPN Corporate Market, a major telecommunications firm, has decided to exercise caution after uncovering a possible web server breach.

Amazon Kindle tablet routes web traffic to cloud first

Amazon's Silk browser, used on the newly announced Kindle Fire tablet, has raised privacy concerns because it directs all traffic through its EC2 cloud service.

After breach, DigiNotar folds into voluntary bankruptcy


DigiNotar, the Dutch-based certificate authority that issued hundreds of counterfeit SSL certificates, is no more.

Dead certs?

Are we seeing the decline and fall of SSL and the Certificate Authority model?

Apple revokes DigiNotar certs, Mozilla asks CAs to audit


Apple, Mozilla and Adobe are the latest technology companies to respond to the DigiNotar breach.

Possibly breached GlobalSign to bring services back Monday


Portsmouth, N.H.-based certificate authority (CA) GlobalSign plans to be back fully operating on Monday after temporarily suspending the issuance of SSL credentials due to claims from a hacker linked to attacks on Comodo and DigiNotar. In a Monday post to Pastebin, a hacker claimed responsibility for the major attack on DigiNotar and said he has access to four other CAs, including GlobalSign. "We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process," the company said in a news release. GlobalSign is still investigating the hacker's claims, but said it believes CAs are facing an "industry-wide" attack.

DigiNotar breach fallout widens as more details emerge


Browser manufacturers and the Dutch government are acting quickly to contain the breach at certificate authority DigiNotar. The incident, meanwhile, has prompted calls for a system overhaul.

DigiNotar said attack is to blame for certificate compromise


Like Comodo before it, the certificate authority DigiNotar said its infrastructure was breached, allowing adversaries to create fraudulent SSL certificates.

Iran may be behind yet another SSL certificate spoof


Researchers have confirmed that for the second time in less than six months, a provider of SSL certificates has issued a phony credential for

Black Hat: Researcher releases tool for replacing certificate authorities


Well-known researcher Moxie Marlinspike proposed a solution to revamp the current trust-relationship model on the web, essentially turning the power over to the users.

Apple delivers updates related to Comodo, Pwn2Own


Apple released a number of security updates for Mac OS X, Safari and iOS.

Giving the cybercriminals a helping hand

Most Facebook app developers are making session hijacking too easy for the cybercriminals.

Two more Comodo resellers "owned" in SSL hack


Comodo has confirmed that two additional registration authorities affiliated with the company also were compromised in a highly publicized SSL certificate fraud attack disclosed last week.

Experts weigh in on Comodo SSL certificate fraud


Reactions are running rampant after Comodo revealed it was tricked into issuing rogue digital certificates.

Iran behind certificate fraud, says SSL vendor


An advisory warned of nine fraudulent digital certificates issued by Comodo that could have been used to impersonate some of the world's highest-profile websites.

Facebook introduces secure browsing feature


Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.

Firefox 3.6.13 issued to fix 13 flaws, 11 "critical"


Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.

Facebook, Twitter fail latest security assessment


A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.

Firefox add-on allows session hijacking of popular sites


A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.

The state of SSL on the web: Qualys' Ivan Ristic discusses the good and the bad


Ivan Ristic, director of engineering at Qualys, provides an overview of his Black Hat 2010 talk, in which he presented a plethora of research findings into the state of SSL on the internet. As Ristic notes, websites are succeeding in some areas and falling short in others when it comes to deployment of SSL encryption.

Black Hat 2010: Even with SSL/TLS, browsers still are susceptible to attack


Two researchers at the Black Hat conference in Las Vegas on Thursday exposed 24 ways hackers can hijack seemingly secure browser sessions.

VeriSign refutes competitor's vulnerability claim


VeriSign and rival Comodo are at odds over whether the process by which users can access VeriSign SSL customer accounts constitutes a vulnerability.

Google unveils encrypted search option


Google on Friday announced that it has rolled out a new privacy and security option for users to run encrypted searches. The new service, available at, utilizes https encryption, commonly used to protect banking and e-commerce sites, to create a secure connection between a user's browser and Google throughout their entire search session. The secure channel will help protect search terms and results pages from being intercepted by a third party, Google said. The service, currently in beta, includes a modified Google logo to indicate SSL encryption is being used. — AM

