Ask the Experts

Ask the Experts

PKI and digital certificates

• Can PDF digital signatures be trusted?

  Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures.  Continue Reading

• How concerned should I be about a padding oracle attack?

  Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks.  Continue Reading

• Will DNS Flag Day affect you? Infoblox's Cricket Liu explains

  What is DNS Flag Day? That's when old and broken DNS servers will stop working, improving DNS performance and safety for all. Infoblox's chief DNS architect Cricket Liu explains.  Continue Reading

• Public key pinning: Why is Google switching to a new approach?

  After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch.  Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.  Continue Reading

• Running a private certificate authority: What are the risks?

  Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know.  Continue Reading

• WoSign certificates: What happens when Google Chrome removes trust?

  Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates.  Continue Reading

• Ticketbleed flaw: How can SSL session identities be protected?

  The Ticketbleed flaw in F5 Networks' BIG-IP appliances leaks uninitialized memory and SSL session identities. Expert Michael Cobb explains how enterprises can mitigate it.  Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.  Continue Reading

• HTTP public key pinning: Is the Firefox browser insecure without it?

  HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works.  Continue Reading

• How can PGP short key IDs be protected from collision attacks?

  A well-known PGP short key ID flaw has been discovered to be the cause of collision attacks on Linux developers. Expert Michael Cobb explains the flaw with short key IDs.  Continue Reading

• How can users protect mobile devices from SandJacking attacks?

  Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.  Continue Reading

• Internal PKI: What are the benefits of enterprises moving it in-house?

  Many large enterprises have their own internal public key infrastructure. Expert Michael Cobb explains the considerations organizations should make before undertaking the task.  Continue Reading

• How does SandJacking let attackers load malware on iOS devices?

  SandJacking, a new iOS attack technique, uses an XCode certificate flaw to load malicious apps onto devices. Expert Michael Cobb explains how the attack works.  Continue Reading

• How can BGP hijacking be detected and prevented?

  What is BGP hijacking or IP hijacking and how do cybercriminals pull off the attacks? Expert Michael Cobb explains how enterprises can mitigate these risks.  Continue Reading