Yesterday, a critical vulnerability in Bash was discovered. Today, the bug has already been found ‘in the wild’ and in use by active exploits against web servers.
Mozilla is following Microsoft’s SHA-1 deprecation timeline and adding SHA-1 security warnings to the Firefox Web Console and browser.
Here’s a quick rundown of the most interesting articles across the Internet this week on the topic of SSL and network security. Firefox sneaks out an “inbetweener” update This week Firefox put out a “point release” to address some security issues, according to Paul Ducklin of nakedsecurity.com. Of the three fixes, one relates to SSL […]
Two easy-to-use free tools to make SHA-1 migration as easy as possible and provide a free SHA-2 certificate for sites upgrading to SHA-256.
The AOSP browser in pre-4.4 Android devices contains a vulnerability that allows hackers to see the contents of other web pages that are open during a browser session. This vulnerability affects a huge number of Android devices in use right now, and there is even a Metasploit module to exploit it. “This is a privacy […]
Let’s take a look at some of the more intriguing news articles this week about SSL Certificates and network security. Security Growing Pangs Loom For 100K+ Sites with Newly Untrusted Certificates Ericka Chickowski of InformationWeek Dark Reading reveals that last week Mozilla revoked a number of root certificates using 1024-bit keys. These root certificates chained […]
85% sites rely on security from SHA-1 certificates, this could problematic for site owners as Google rushes to end trust in SHA-1 over the next few months.
Here is a compilation of some of the more interesting news articles this week on the topic of SSL Certificates and Internet security. CERT/CC Enumerates Android App SSL Validation Failures At threatpost.com, Michael Mimoso takes a look at work being done by researcher Will Dormann at the CERT Coordination Center at the Software Engineering Institute […]
Public Key Pinning protects users against man-in-the-middle attacks and even mis-issued certificates.