Companies are embracing an enterprise-wide encryption strategy

The biggest users of encryption are companies in financial services, healthcare and pharmaceutical, as well as technology and software industries, according to Thales. A new study, which is part of an annual survey of more than 5,000 individuals covering 14 major industry sectors and 11 countries, focuses on how encryption is being used in conjunction with business applications in order to protect data and allows companies to benchmark their use of encryption against companies in …

Hypervisor wiretap feature can leak data from the cloud

Bitdefender has discovered that encrypted communications can be decrypted in real time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors. The technique, dubbed TeLeScope, has been developed for research purposes and proves that a third party can eavesdrop on communications encrypted with the Transport Layer Security (TLS) protocol between an end-user and a virtualised instance of a server. The attack makes it possible for a malicious cloud …

After issuing 1.7M certificates, Let’s Encrypt CA officially leaving beta

Let’s Encrypt, the non-profit Certificate Authority (CA) backed by the Electronic Frontier Foundation, Mozilla, Cisco, Akamai, and others, is ready to be considered a stable offering. “Since our beta began in September 2015 we’ve issued more than 1.7 million certificates for more than 3.8 million websites. We’ve gained tremendous operational experience and confidence in our systems. The beta label is simply not necessary any more,” explained Josh Aas, Executive Director of the Internet Security Research …

Million-plus sites hosted on WordPress.com get free SSL

Friday brought some very good news for existing and future owners of sites hosted on WordPress.com: they will be getting HTTPS protection without having to pay for an SSL certificate or trouble themselves with managing it. “WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com,” explained Automattic systems wrangler Barry Abrahamson. The SSL certificates will …

PHP, Python still fail to spot revoked TLS certificates

In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: badly designed APIs of SSL implementations and data-transport libraries. Four years later, Sucuri Security researchers wanted to check the current situation, and discovered that there have been some improvements, but that PHP, Python and Google Go still fail to check if a TLS certificate has been revoked. …