Collaborate Disseminate
For twelve years, the standard internet encryption has been Transport Layer Security (TLS) 1.2. Following its roots takes you back to the first version of the Secure Sockets Layer (SSL) protocol, which was developed in 1995 by Netscape but never releas… Continue reading TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys
Starting with 20:00 UTC (3:00pm US EST), today (March 4), the non-profit certificate authority Let’s Encrypt will begin it’s effort to revoke a little over 3 million TLS/SSL certificates that it issued while a bug affected its CA software. … Continue reading Let’s Encrypt will revoke 3m+ TLS/SSL certificates
The total number of phishing sites detected by the Anti-Phishing Working Group (APWG) worldwide in October through December 2019 was 162,155, following the all-time-high of 266,387 attacks recorded in July through September 2019. Most menacing, however… Continue reading Almost three-quarters of all phishing sites now use SSL protection
From 1 September 2020, Safari will no longer trust SSL/TLS certificates with more than a year on the clock. Continue reading Apple chops Safari’s TLS certificate validity down to one year
Since Edward Snowden’s revelations of sweeping internet surveillance by the NSA, the push to encrypt the web has been unrelenting. Bolstered by Google’s various initiatives (e.g., its prioritizing of websites that use encryption in Google Search result… Continue reading What is flowing through your enterprise network?
From March, the Firefox, Chrome, Safari and Edge browsers will show warnings when users visit websites that only support TLS versions 1.0 or 1.1. Continue reading Mozilla issues final warning to websites using TLS 1.0
There has been a rampant growth of look-alike domains, which are often used to steal sensitive data from online shoppers. Venafi analyzed suspicious domains targeting 20 major retailers in the U.S., U.K., France, Germany and Australia and found over 10… Continue reading Trusted certificates make phishing websites appear valid
We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances of failures in certificate issuance to pinp… Continue reading Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
The upcoming, newest version of Android – still only known as “Android Q” – will have many new and improved protections for user privacy. Google has now also outlined the changes aimed at enhancing the security of the devices ru… Continue reading Android Q: Enhanced security for consumers and enterprises
In this Help Net Security podcast, Deepen Desai, VP Security Research & Operations at Zscaler, talks about the latest Zscaler Cloud Security Insight Report, which focuses on SSL/TLS based threats. Here’s a transcript of the podcast for your conven… Continue reading Cybercriminals are increasingly using encryption to conceal and launch attacks