You May Have to Reissue Your Certificate!!
Since announcing the acquisition, DigiCert has actively engaged with the security community to explore paths that address browser concerns about Symantec/GeoTrust/Thawte/RapidSSL-issued certificates while balancing the SSL/TLS implementations currently deployed. Symantec-issued certificates impacted by browser timelines will need to be replaced to bring them under the […]
Category: 1. Announcements
DigiCert Closes Acquisition of Symantec’s Website Security Division.
DigiCert announced on Oct. 31 that it has completed the $950 million acquisition of Symantec’s Website Security and PKI (Public Key Infrastructure) business assets related to SSL/TLS certificates. It is now official: DigiCert now owns Symantec’s Website Security division. The deal was first announced on Aug. 3, with the […]
“WannaCry” Blocked by Symantec – Best Practices Against Ransomware.
A worldwide cyberattack involving ransomware named WannaCry (aka WCry), which caused chaos on May 12, 2017, is still ongoing. These attacks are targeting and have affected users from various countries across the globe. The WannaCry threat will encrypt data files on infected computers and ask users to pay a $300 US ransom […]
CA|B Forum Passes Ballot 193 – Deprecation of 3 Year SSL Certificates
The CA/B Forum (CA/Browser Forum) is the governing body that drives the security of the internet with SSL certificates. The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the web sites they visit by leveraging […]
What is Certificate Transparency?
Google’s Certificate Transparency is an open source project that aims to strengthen the SSL/TLS certificate system, which is the main cryptographic security system that underlies all HTTPS secure connections. It is an extra tier of certificate security that forms a Security Triad to ensure that clients navigating the internet are safe and secure […]
SSLv2 – The “Drown” Attack
Just recently there has been a lot of news regarding a vulnerability with SSLv2 (SSL2.0) and what has been named the Drown Attack. You will see articles saying “Drown Attack affects over 1/3 of the world’s websites,” “No one is secure on the internet anymore,” “More than a Million sites affected!” etc. […]
OpenSSL patch released that fixes High-severity Diffie Hellman bug
OpenSSL has fixed a high-severity vulnerability that made it possible for attackers to obtain the key that decrypts communications secured in HTTPS based on the ephemeral keys, DSA based Diffie Hellman (DH) key exchange. The OpenSSL Diffie Hellman issue got assigned CVE-2016-0701 with a severity of High. This vulnerability could allow an attacker to force the […]
SHA 1 Critical Vulnerability Notice
On October 8, 2015, a team of international cryptography researchers warned of a significantly increased risk in using SHA-1 certificates, and recommended that administrators accelerate their migration to SHA-2 certificates. The risk is that, with enough computing power, an attacker can craft a fake certificate that in all key respects appears to […]
How to fix Alternative chains certificate forgery (CVE-2015-1793)
How to fix Alternative chains certificate forgery (CVE-2015-1793): Critical OpenSSL vulnerability could allow attackers to intercept secure communications. What is it: An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them […]
OpenSSL: Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)
Critical OpenSSL vulnerability could allow attackers to intercept secure communications with the new Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). A critical new vulnerability in OpenSSL could allow attackers to intercept secure communications by tricking a targeted computer into accepting a bogus digital certificate as valid. This could facilitate man-in-the-middle (MITM) attacks, where […]