Google drops the boom on WoSign, StartCom certs for good
Citing “certificate misissuance,” Google to expire all certs from offenders by September. Continue reading Google drops the boom on WoSign, StartCom certs for good
Category Archives: SSL
On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let’s Encrypt
Last week I wrote about how Life Is About to Get a Whole Lot Harder for Websites Without HTTPS. Somewhere in the comments there, the discussion went off on a tangent about commercial CAs, the threat Let’s Encrypt poses to them and subsequently, the value (or lack thereof) posed by
Continue reading On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let’s Encrypt
On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let’s Encrypt
Last week I wrote about how Life Is About to Get a Whole Lot Harder for Websites Without HTTPS. Somewhere in the comments there, the discussion went off on a tangent about commercial CAs, the threat Let’s Encrypt poses to them and subsequently, the value (or lack thereof) posed by
Continue reading On The (Perceived) Value of EV Certs, Commercial CAs, Phishing and Let’s Encrypt
Free Certs Come With a Cost
Leading certificate authority Let’s Encrypt is facing criticism that its rapid growth and eagerness to encrypt internet communications is happening at a cost. Continue reading Free Certs Come With a Cost
Life Is About to Get a Whole Lot Harder for Websites Without HTTPS
In case you haven’t noticed, we’re on a rapid march towards a “secure by default” web when it comes to protecting traffic. For example, back in Feb this year, 20% of the Alexa Top 1 Million sites were forcing the secure scheme:
These figures are from Scott Helme’s
Continue reading Life Is About to Get a Whole Lot Harder for Websites Without HTTPS
Life Is About to Get a Whole Lot Harder for Websites Without HTTPS
In case you haven’t noticed, we’re on a rapid march towards a “secure by default” web when it comes to protecting traffic. For example, back in Feb this year, 20% of the Alexa Top 1 Million sites were forcing the secure scheme:
These figures are from Scott Helme’s biannual report
Continue reading Life Is About to Get a Whole Lot Harder for Websites Without HTTPS
The World is Changing
The world is changing; it always has but the world is changing faster now than it ever has before. This general change is translating into even bigger changes in the cyber world. Some of the key areas that are evolving aren’t new, like availability or security. Others like automation are maturing quickly, and then there […]
The post The World is Changing appeared first on Radware Blog.
To stay secure: Four new SSL implementation thoughts
10 years ago, I left my position as the principal architect at a major U.S. financial institution. We developed the standards for how SSL was used inside the bank and their systems. Because of the weakness of ADC hardware at the time, we standardized on the “fastest and lightest” ciphers that would allow us to […]
The post To stay secure: Four new SSL implementation thoughts appeared first on Radware Blog.
Continue reading To stay secure: Four new SSL implementation thoughts
News – Enterprise Security Weekly #46
Stopping insider threats with machine learning, the importance of inspecting encrypted traffic, performance and security relations, and what to do if you’re SOC is overwhelmed with too many SEIM alerts. Full Show Notes http://traffic.libsyn.com/eswaudio/News4_-_Enterprise_Security_Weekly_46_converted.mp3 Continue reading News – Enterprise Security Weekly #46
Tiptoeing Through Vulnerabilities
I sympathize with developers who throw up their hands and say, “I don’t do security stuff.” No matter what you choose, there’s a trade off that could go wrong. It’s especially troublesome if one deploys a “security website.” I’ve deployed security education websites in many environments over the past 20 years, and I rarely achieve … Continue reading Tiptoeing Through Vulnerabilities →
Continue reading Tiptoeing Through Vulnerabilities