Hypervisor wiretap feature can leak data from the cloud
Bitdefender has discovered that encrypted communications can be decrypted in real-time using a technique that has virtually zero footprint and is invisible to anyone except …
Bitly partners with Let’s Encrypt for HTTPS links
Bitly processes data associated with more than 12 billion clicks per month, leading to massive troves of intelligence. Now, they’re partnering with Let’s Encrypt …
After issuing 1.7M certificates, Let’s Encrypt CA officially leaving beta
Let’s Encrypt, the non-profit Certificate Authority (CA) backed by the Electronic Frontier Foundation, Mozilla, Cisco, Akamai, and others, is ready to be considered a …
Million-plus sites hosted on WordPress.com get free SSL
Friday brought some very good news for existing and future owners of sites hosted on WordPress.com: they will be getting HTTPS protection without having to pay for an SSL …
PHP, Python still fail to spot revoked TLS certificates
In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: …
DROWN attack breaks TLS encryption, one-third of all HTTPS servers vulnerable
There’s a new attack that breaks the communication encryption provided by SSL and TLS and can therefore lead to theft of extremely sensitive data exchanged between users …
Perceptions and buying practices of infosec decision makers
CyberEdge Group surveyed 1,000 IT infosec decision makers and practitioners from 10 countries, five continents, and 19 industries, and unsurprisingly, the news is not good. In …
OpenSSL bug that could allow traffic decryption has been fixed
The OpenSSL Project has pushed out new versions of the widely used OpenSSL cryptographic library, which incorporate patches for two distinct security bugs, and an update of …
SLOTH attacks weaken secure protocols because they still use MD5 and SHA-1
Researchers Karthikeyan Bhargavan and Gaëtan Leurent from INRIA, the French national research institute for computer science, have discovered a new class of transcript …
Ivan Ristic and SSL Labs: How one man changed the way we understand SSL
Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Before that, he was …
SHA-2 encryption will make many sites inaccessible to users who can’t afford newer tech
A group of security researchers has recently announced that it’s highly likely that effective collision attacks that would break SHA-1 encryption will be revealed by the …
Free PCI and NIST compliant SSL test
High-Tech Bridge announced a free online service designed to check SSL/TLS security of a web server. It performs four distinct tests: Test for compliance with NIST Guidelines …
