Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates

A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL certificates.

The flaw, discovered by Chris Byrne, an information security consultant an…

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates

Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years.

The Extended Validation (EV) status of al…

Google becomes its own Root Certificate Authority

In an effort to expand its certificate authority capabilities and build the “foundation of a more secure web,” Google has finally launched its root certificate authority.

In the past few years, we have seen Google taking many steps to show its strong supp…

OpenSSL Releases Patch For “High” Severity Vulnerability

As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software.

The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites.

The vulnerability, reported by Robert Święcki of the Google Security Team on


Critical DoS Flaw found in OpenSSL — How It Works

The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.

OpenSSL is a widely used open-source cryptographic library that…

Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain to anyone who merely has control over any of its subdomains.

The certificate authority, named WoSign, issued …