SSL

Why doesn't your VPN work on the road?

Why doesn't your VPN work on the road?

Connecting to a host of different networks across the country could result in potential security vulnerabilities, but closing security loopholes too often results in slow or blocked connections.

Cyberoam bug may lead to traffic interception

Companies currently deploying Cyberoam deep packet inspection devices could be at risk due to an intercept flaw, according to a pair of researchers, but the UTM vendor refutes the claim.

Forensic incident response to the fore

We've recently been witnessing tremendous change in perspective when it comes to IT security and the shroud of embarrassment associated with breaches has been lifting.

Security breaches impacting VeriSign emerge in filing

By

The company responsible for ensuring that users reach the website they intend to reach admitted in an SEC filing that its network was breached numerous times in 2010.

GlobalSign says web server, not CA systems, hit by breach

By

GlobalSign, which briefly halted operations in September out of concern that it was the latest SSL certificate authority hacked, has determined that its CA infrastructure was never compromised.

Podcast: Fixing the SSL certificate chain

By

In this podcast, Access' Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.

Cyber Monday to bring increase in online threats

By

Cyber Monday, the digital equivalent of the brick-and-mortar world's Black Friday, is one of the busiest online shopping days of the year, and typically marks the beginning of a month-long period of increased online threats.

Another Dutch certificate authority halts business

By

Netherlands-based KPN Corporate Market, a major telecommunications firm, has decided to exercise caution after uncovering a possible web server breach.

Amazon Kindle tablet routes web traffic to cloud first

Amazon's Silk browser, used on the newly announced the Kindle Fire tablet, has raised privacy concerns because it directs all traffic through its EC2 cloud service.

After breach, DigiNotar folds into voluntary bankruptcy

By

DigiNotar, the Dutch-based certificate authority that issued hundreds of counterfeit SSL certificates, is no more.

Dead certs?

Are we seeing the decline and fall of SSL and the Certificate Authority model?

Apple revokes DigitNotar certs, Mozilla asks CAs to audit

By

Apple, Mozilla and Adobe are the latest technology companies to respond to the DigiNotar breach.

Possibly breached GlobalSign to bring services back Monday

By

Portsmouth, N.H.-based certificate authority (CA) GlobalSign plans to be back fully operating on Monday after temporarily suspending the issuance of SSL credentials due to claims from a hacker linked to attacks on Comodo and DigiNotar. In a Monday post to Pastebin, a hacker claimed responsibility for the major attack on DigiNotar and said he has access to four other CAs, including GlobalSign. "We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process," the company said in a news release. GlobalSign is still investigating the hacker's claims, but said it believes CAs are facing an "industry-wide" attack.

DigiNotar breach fallout widens as more details emerge

By

Browser manufacturers and the Dutch government are acting quickly to contain the breach at certificate authority DigiNotar. The incident, meanwhile, has prompted calls for a system overhaul.

DigiNotar said attack is to blame for certificate compromise

By

Like Comodo before it, the certificate authority DigiNotar said its infrastructure was breached, allowing adversaries to create fraudulent SSL certificates.

Iran may be behind yet another SSL certificate spoof

By

Researchers have confirmed that for the second time in less than six months, a provider of SSL certificates has issued a phony credential for Google.com

Black Hat: Researcher releases tool for replacing certificate authorities

By

Well-known researcher Moxie Marlinspike proposed a solution to revamp the current trust-relationship model on the web, essentially turning the power over to the users.

Apple delivers updates related to Comodo, Pwn2Own

By

Apple released a number of security updates for Mac OS X, Safari and iOS.

Giving the cybercriminals a helping hand

Most Facebook app developers are making session hijacking too easy for the cybercriminals.

Two more Comodo resellers "owned" in SSL hack

By

Comodo has confirmed that two additional registration authorities affiliated with the company also were compromised in a highly publicized SSL certificate fraud attack disclosed last week.

I am Comodo hacker, Iranian claims

By

A lone Iranian hacker claimed responsibility over the weekend for an attack on Comodo, a company that issues digital SSL certificates used by websites to validate their identity to visitors.

Experts weigh in on Comodo SSL certificate fraud

By

Reactions are running rampant after Comodo revealed it was tricked into issuing rogue digital certificates.

Iran behind certificate fraud, says SSL vendor

By

An advisory warned of nine fraudulent digital certificates issued by Comodo that could have been used to impersonate some of the world's highest-profile websites.

Facebook introduces secure browsing feature

By

Facebook on Wednesday announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks.

Firefox 3.6.13 issued to fix 13 flaws, 11 "critical"

By

Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.

Facebook, Twitter fail latest security assessment

By

A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.

Firefox add-on allows session hijacking of popular sites

By

A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.

The state of SSL on the web: Qualys' Ivan Ristic discusses the good and the bad

By

Ivan Ristic, director of engineering at Qualys, provides an overview of his Black Hat 2010 talk, in which he presented a plethora of research findings into the state of SSL on the internet. As Ristic notes, websites are succeeding in some areas and falling short in others when it comes to deployment of SSL encryption.

Black Hat 2010: Even with SSL/TLS, browsers still are susceptible to attack

By

Two researchers at the Black Hat conference in Las Vegas on Thursday exposed 24 ways hackers can hijack seemingly secure browser sessions.

VeriSign refutes competitor's vulnerability claim

By

VeriSign and rival Comodo are at odds over whether the process by which users can access VeriSign SSL customer accounts constitutes a vulnerability.

Sign up to our newsletters

POLL