This week’s tip is about not ignoring security warnings—especially those for SHA-1.
News
This Week in SSL – Shell Shock, Smartphone Encryption, and Google’s SSL Push
Let’s take a look at some of the more interesting articles that appeared this week on the subject of SSL Certificates and Internet security. Patch Bash NOW: ‘Shell Shock’ bug blasts OS X, Linux systems wide open This article, one of many on the topic this week, provides information about the newly-discovered “Shell Shock” bug […]
Shellshock Bash Bug: What You Need to Know
Yesterday, a critical vulnerability in Bash was discovered. Today, the bug has already been found ‘in the wild’ and in use by active exploits against web servers.
Mozilla to Add SHA-1 Security Warnings
Mozilla is following Microsoft’s SHA-1 deprecation timeline and adding SHA-1 security warnings to the Firefox Web Console and browser.
This Week in SSL – Firefox Security Update, Turkish Internet Crackdown, and more Security Woes for Android
Here’s a quick rundown of the most interesting articles across the Internet this week on the topic of SSL and network security. Firefox sneaks out an “inbetweener” update This week Firefox put out a “point release” to address some security issues, according to Paul Ducklin of nakedsecurity.com. Of the three fixes, one relates to SSL […]
What Is SHA-2 and How the SHA-1 Deprecation Affects You
Two easy-to-use free tools to make SHA-1 migration as easy as possible and provide a free SHA-2 certificate for sites upgrading to SHA-256.
Android Browser Bug Allows Same Origin Policy Bypass
The AOSP browser in pre-4.4 Android devices contains a vulnerability that allows hackers to see the contents of other web pages that are open during a browser session. This vulnerability affects a huge number of Android devices in use right now, and there is even a Metasploit module to exploit it. “This is a privacy […]
This Week in SSL – Mozilla Revokes 1024-bit Roots Certs, Two-Factor Under Attack, Chinese MITM Attacks
Let’s take a look at some of the more intriguing news articles this week about SSL Certificates and network security. Security Growing Pangs Loom For 100K+ Sites with Newly Untrusted Certificates Ericka Chickowski of InformationWeek Dark Reading reveals that last week Mozilla revoked a number of root certificates using 1024-bit keys. These root certificates chained […]
Google Ending Trust for SHA-1 SSL Sites, How it Affects You
85% sites rely on security from SHA-1 certificates, this could problematic for site owners as Google rushes to end trust in SHA-1 over the next few months.