Category: certificates

Auto Added by WPeMatico

E-Mailing Private HTTPS Keys

Posted on By infossl
certificates, email, https, keys, Security technology, securitypolicies, tls

I don’t know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec’s … Read More “E-Mailing Private HTTPS Keys” »

Signed Malware

Posted on By infossl
academicpapers, antivirus, certificates, forgery, malware, Security technology, signatures, stuxnet

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What’s more, it predated Stuxnet, with the first known instance occurring in … Read More “Signed Malware” »

Security Vulnerabilities in Certificate Pinning

Posted on By infossl
academicpapers, certificates, maninthemiddleattacks, Security technology, vpn, vulnerabilities

New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of … Read More “Security Vulnerabilities in Certificate Pinning” »

Let's Encrypt Is Making Web Encryption Easier

Posted on By infossl
academicpapers, certificates, cryptography, encryption, Security technology

That’s the conclusion of a research paper: Once [costs and complexity] are eliminated, it enables big hosting providers to issue and deploy certificates for their customers in bulk, thus quickly and automatically enable encryption across a large number of domains. For example, we have shown that currently, 47% of LE certified domains are hosted at … Read More “Let's Encrypt Is Making Web Encryption Easier” »

Economic Failures of HTTPS Encryption

Posted on By infossl
academicpapers, certificates, costbenefitanalysis, economicsofsecurity, externalities, https, Security technology, vulnerabilities

Interesting paper: “Security Collapse of the HTTPS Market.” From the conclusion: Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in … Read More “Economic Failures of HTTPS Encryption” »

A New Free CA

Posted on By infossl
certificates, eff, encryption, Security technology, ssl, tls

Announcing Let’s Encrypt, a new free certificate authority. This is a joint project of EFF, Mozilla, Cisco, Akamai, and the University of Michigan. This is an absolutely fantastic idea. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk … Read More “A New Free CA” »