Cryptosmith Video Series #1 through #15

I have posted the fifteenth video in the Cryptosmith Series on practical basic cryptography. The video collection falls into three parts: the network crypto introduction, the DVD example, and the public-key certificate discussion. There are also updates to other series videos. They now use the acronym “SSL” a lot more, since people recognize it more often than “TLS.” …

Mozilla weighs following Chrome in mistrusting Symantec certs

Mozilla, maker of the open-source browser Firefox, is weighing whether to join Google’s Chrome in its crusade against Symantec. A Mozilla blog post says Chrome engineers are correct in their assessment of the problems with Symantec-issued internet security certificates, but they may have gone too far by proposing to distrust them. Security certificates underlie the little green padlock in the browser address bar that tells consumers it’s safe to shop and bank online. It’s a high-stakes game — if Chrome goes ahead with its plan to progressively stop trusting the certificates, its users will see a warning message or might even be blocked from visiting e-commerce sites that use Symantec certificates. And currently, that’s at least a third of the internet. But the more browsers that join Chrome in distrusting Symantec certificates, the more likely it becomes that Symantec’s customers will simply get their certificates elsewhere. In a blog post from Mozilla Policy Engineer Gervase […]

The post Mozilla weighs following Chrome in mistrusting Symantec certs appeared first on Cyberscoop.


Symantec says it will reissue digital certs distrusted by Chrome

Symantec looks to be caving in its dispute with Google’s Chrome over the trustworthiness of digital certificates — which underlie the green padlock in the browser’s address bar that tells consumers it’s safe to bank or shop online. Chrome, citing what it says are repeated failures by Symantec to comply with the issuance rules regarding digital security certificates, last week threatened to stop fully trusting them. Chrome’s proposal demands that Symantec re-validate and re-issue the millions of certificates it’s created and would strip Symantec of the authority to issue extended validation, or EV, certificates at all. Because the proposal could mean Chrome users would no longer be able to shop or bank safely at many major e-commerce sites that currently use Symantec certificates, the proposal effectively challenged Symantec to a game of chicken. Over the weekend, Symantec blinked. In a blog post titled “A Message to our [Certificate Authority, or] CA Customers,” Symantec Senior Vice President and […]

The post Symantec says it will reissue digital certs distrusted by Chrome appeared first on Cyberscoop.


Citing compliance failures, Chrome will distrust Symantec certificates

Two of the biggest names on the internet embarked on a game of chicken this week over the little green padlock in the address bar. Browser behemoth Chrome, citing what it says are repeated failures by security giant Symantec to comply with the rules governing the issuance of internet security certificates, is threatening to stop fully trusting them. At stake is the browser experience for millions of consumers who use the Google-backed browser to shop and bank online. The security certificates are the basis for TLS, the encrypted connection between a website and a visiting computer that’s denoted by the green padlock. TLS — and the outdated SSL system it’s replacing — make it possible for users to send credit card details, social security numbers and other sensitive information safely and privately across the public internet. If Chrome stopped recognizing Symantec certificates — which are behind at least a third of the TLS traffic on the […]

The post Citing compliance failures, Chrome will distrust Symantec certificates appeared first on Cyberscoop.


How to Protect Your E-commerce Business from Cyber Attacks

Just as traditional brick-and-mortar businesses are targeted by anarchists during protests or times of unrest, e-commerce businesses are targeted by cyber criminals, except they don’t wait for a particular season or reason. Whether small, medium or large, every business is, sadly, at the mercy of hackers who will exploit every opportunity they get to breach sensitive […]…

The post How to Protect Your E-commerce Business from Cyber Attacks appeared first on The State of Security.


US-CERT Warns HTTPS Inspection May Degrade TLS Security

Security tools that proxy and inspect HTTPS traffic create a blind spot for network administrators trying to determine whether communication between clients and servers is secure.

Where Have All The Exploit Kits Gone?

For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what’s replaced them?

Network Security Does Not Matter When You Invite the Hacker Inside

We build security solutions to protect our networks from the rest of the internet, but do we do anything to protect the network from our own employees and users? The first line of protection for your networks is not the firewall or other perimeter security device; it is the education and protection of the people […]

The post Network Security Does Not Matter When You Invite the Hacker Inside appeared first on Radware Blog.


VU#247016: Flash Seats Mobile App for Android and iOS fails to validate SSL certificates

Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.