PKI and Digital Certificates
- January 22, 2020
Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor.
- September 17, 2019
A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware.
- March 22, 2019
Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate.
- March 11, 2019
Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year.
- March 07, 2019
Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption.
- February 08, 2019
This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity.
- January 16, 2019
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown.
- December 19, 2018
This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it.
- December 14, 2018
News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation challenges Bloomberg Businessweek's report, and more.
- October 03, 2018
Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry.
- June 29, 2018
Rival certificate authorities GlobalSign and Comodo CA have strengthened their presence in the IoT security market with new platforms for connected devices.
- April 16, 2018
A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates.
- March 27, 2018
The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.
- March 07, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked.
- March 02, 2018
DigiCert revoked 23,000 Symantec SSL certificates amid a public spat between the company and former reseller partner Trustico, which claimed the certificates were 'compromised.'
- February 08, 2018
A security researcher found that a significant number of popular websites are still using untrusted certificates from Symantec, which will be invalidated this year.
- January 30, 2018
Comodo CA's new chairman Bill Conner and CEO Bill Holtz talk with SearchSecurity about competition in the certificate market and how the internet of things will fuel growth.
- January 25, 2018
Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market.
- January 17, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides.
- November 08, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec's troubled certificate business.
- October 13, 2017
News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed.
- August 08, 2017
The Symantec-Google feud regarding the antivirus vendor's web certificate practices appears to be over. But that doesn't mean it should be minimized or ignored.
- August 03, 2017
DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates.
- July 20, 2017
As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives.
- July 19, 2017
Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to an as-yet-unnamed third-party partner starting Dec. 1.
- July 13, 2017
As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business.
- July 10, 2017
Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust.
- June 14, 2017
The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community.
- June 06, 2017
Is the Symantec certificate authority operation too big to fail? That seems to be the message the security giant is sending in its latest response to a proposal from the browser community to turn ...
- May 04, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Symantec's continued struggles with certificate trust, and what Mozilla and Google are doing about it.
- May 02, 2017
Mozilla reviews the counterproposal from Symantec and urges the CA giant to opt for Google's recommendation to outsource its certificate activities.
- April 28, 2017
Symantec certificate authority proposal takes the pain out of sanctions for misissued certs, offers more audits, greater transparency and promise of "continuous improvement."
- April 25, 2017
Google and Mozilla weigh the proper response to Symantec certificate authority issues, as the CA giant prepares an alternative proposal for reinstating trust.
- April 19, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss mounting pressure on the Symantec certificate authority business to provide answers about its practices.
- April 12, 2017
Compliance with CA/B Forum Baseline Requirements was debated after Symantec CA posted responses to 14 issues raised by Mozilla developers.
- April 04, 2017
Mozilla developers respond to questionable Symantec certificate authority practices, as the security provider questions Google's proposed solutions.
- March 31, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Google's proposed plan to distrust Symantec certificates following more allegations of mis-issuance.
- March 29, 2017
A researcher claims to have found Symantec SSL API issues with extremely dangerous consequences, but a lack of evidence causes confusion.
- March 24, 2017
Symantec certificate authority cries foul, as Google considers severe options following the company allegedly misissuing as many as 30,000 digital certificates.
- March 24, 2017
Certificate authority Comodo has submitted two new Certificate Transparency logs for approval by Google, which aim to accept any publicly trusted certificates from any CA.
- February 23, 2017
SHA-1 deprecation in browsers comes as researchers create hash collisions and Google offers website and developer tools to protect against malicious uses.
- January 27, 2017
One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident.
- January 27, 2017
Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward.
- January 24, 2017
Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates.
- October 31, 2016
Certificate transparency compliance will be mandatory for publicly trusted website certificates in order to be considered secure by Google's Chrome browser.
- October 28, 2016
Mozilla boots WoSign as a trusted certificate authority for backdating SHA-1 certs and other controversial behavior, and it prepares to add default support for TLS 1.3 in 2017.
- October 21, 2016
Roundup: Firefox browser will reject SHA-1 certificates as soon as Mozilla announces further details relating to the deprecation of the outdated algorithm; plus, Oracle patches and more.
- October 14, 2016
As GlobalSign attempted to tidy its root certificates, a mis-issued certificate revocation list left website owners scrambling to address cert errors and restore safe browsing icons.
- September 29, 2016
Citing a long list of transgressions, Mozilla prepares to sanction Chinese certificate authority WoSign by removing it from its list of trusted certificate issuers.
- March 18, 2016
Roundup: Google pushes efforts on HTTPS, Certificate Transparency and more to safeguard the Web with encryption, while other tech firms are eyeing more, stronger encryption.
- December 23, 2015
Increasing desire to be rid of SHA-1-signed certificates causes Google to join Microsoft, Mozilla in a likely acceleration of Chrome SHA-1 deprecation by six months.
- November 24, 2015
Dell issued a fix for a root certificate similar to Superfish that could potentially allow attackers to intercept encrypted private data on its PCs.
- November 19, 2015
The DNSSEC protocol is a flawed solution to certificate authorities, but experts said any controversy surrounding the potential spying is more misunderstanding than fact.
- November 06, 2015
News roundup: Troubling research on PKI certificate revocation; encryption research finds usability lacking; GnuPG adds features. Plus: More zero-days, xCodeGhost still haunting Apple and more.
- October 30, 2015
Google demands Certificate Transparency for all Symantec-issued certificates in wake of last month's escalating disclosures about fake "testing" certificates.
- September 22, 2015
Symantec testers created unauthorized Extended Validation certificates, but the bad certificates were caught by the Certificate Transparency log.
- September 18, 2015
News roundup: Additional research shows a Cisco router implant affects more devices than originally reported. Plus: Let's Encrypt's first cert issued; Tor in the library; the mitigated (but not fixed) iOS AirDrop vulnerability.
- February 23, 2015
A new study finds that enterprises, especially healthcare companies, are slow to adopt the DMARC email authentication standard, making them vulnerable to malicious emailers.
- February 05, 2015
Kaspersky reports digitally signed malware -- malicious files using legitimate digital certificates -- is a growing threat to enterprises, increasing four-fold in the past six years.
- January 09, 2015
Experts say the security industry's 'blind trust' may result in a new wave of security threats caused by fake SSL certificates, including man-in-the-middle and DNS attacks.
- April 18, 2014
In the wake of the Heartbleed OpenSSL vulnerability, the massive deluge of revoked certificates could cause palpitations across the Internet.
- January 08, 2013
Enterprises can disrupt cybercriminals and deter future attacks, explained Dmitri Alperovitch, CTO of CrowdStrike Inc. The approach has its critics.
- February 29, 2012
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative.
- November 16, 2011
New malware that is signed with a valid digital certificate once belonging to the Malaysian government has been discovered by researchers at F-Secure.
- September 21, 2011
Certificate authority DigiNotar filed for bankruptcy protection following a breach of its digital certificate systems and the issuance of fraudulent SSL certificates.
- September 06, 2011
A report prepared by the IT security firm conducting an audit of the DigiNotar network found serious lapses in security and more than two dozen compromised CA servers.
- July 07, 2009
Security researchers Alexander Sotirov and Mike Zusman will demonstrate new offline man-in-the-middle hacks against extended validation SSL certificates at the Black Hat Briefings.
- March 16, 2009
A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around encrypted data.
- January 05, 2009
VeriSign is moving completely to the new SHA-1 hash function to avoid a vulnerability affecting SSL certificates. Microsoft and Mozilla also weighed in on the problem.
- December 30, 2008
Security researchers exploit weaknesses in digital certificates to bypass browser security. Experts say the method is within reach of well-funded cybercriminals.
- June 27, 2006
Security can be a hard sell beyond the IT realm, even for security pros at NASA. But nothing motivates people like regulatory pressure and a fear of being the next data breach headline.
- July 13, 2005
Banking credential issuer Identrus has certified Public Key Infrastructure encryption on z/OS. IBM says digital certificates will improve data security.
- April 12, 2005
In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe for one of today's most widely used security algorithms in a paper called "New Directions in Cryptography." The paper mapped out the Diffie-Hellman key exchange, a major ...
- April 30, 2001
- April 25, 2001
- April 12, 2001