certificates
35% of websites still using insecure SHA-1 certificates
35 percent of the world’s websites are still using insecure SHA-1 certificates, according to Venafi. This is despite the fact that leading browser providers, such as …
Final warning: Popular browsers will soon stop accepting SHA-1 certificates
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates. Other browser makers plan to …
Cloud and IoT adoption requires organizations to future-proof PKI implementations
New research by the Ponemon Institute shows an increased reliance on PKIs in today’s enterprise environment, driven by the growing use of cloud-based services and …
Kaspersky Safe Browser iOS app sports MITM SSL certificate bug
Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, …
Open source hardware cryptographic module offered for $800
For a few years now, the CrypTech project has been working on designing an open source hardware cryptographic engine that could be used to secure core Internet infrastructure. …
UK banking customers targeted with Retefe Trojan with MitM capabilities
UK users are the latest targets of cyber crooks leveraging the Retefe banking Trojan and a rogue root certificate. The malware is out to steal online banking credentials of …
After issuing 1.7M certificates, Let’s Encrypt CA officially leaving beta
Let’s Encrypt, the non-profit Certificate Authority (CA) backed by the Electronic Frontier Foundation, Mozilla, Cisco, Akamai, and others, is ready to be considered a …
Million-plus sites hosted on WordPress.com get free SSL
Friday brought some very good news for existing and future owners of sites hosted on WordPress.com: they will be getting HTTPS protection without having to pay for an SSL …
Pirated App Store client for iOS found on Apple’s App Store
An app called 开心日常英语 (“Happy Daily English”), which has been offered for download via Apple’s official App Store, has been revealed to be a fully functional …
Microsoft will stop trusting certificates from 20 Certificate Authorities
Starting on January 2016, Microsoft’s Trusted Root Certificate Program will no longer include twenty currently trusted CAs and will remove their root certificates …
Windows machines stop trusting Dell’s two unconstrained root CA certs
Microsoft has updated the Certificate Trust list for all supported releases of Microsoft Windows so that the two digital certificates (complete with inadvertently disclosed …
More than 900 embedded devices share hard-coded certs, SSH host keys
Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a …