The Logjam attack does not affect SSL Certificates, but admins should disable support for DHE_EXPORT ciphers and generate a unique 2048-bit Diffie-Hellman group. Users should update their browsers to the most recent version and then watch for updates.
Vulnerabilities
Understanding the Google Chrome Connection Tab
Chrome has made changes to the Connection Tab in Chrome 44. For the updated blog post, click here. The yellow triangle or red ‘X’ icons in Google Chrome’s “Connection” Tab are alarming and can be difficult to understand. Below are four brief explanations about what causes the warnings and some tips for resolving related problems. Public Audit […]
Internet of Things Vulnerabilities in the Sky
The Government Accountability Office outlined many information security vulnerabilities that the FAA faces and that could be putting everyone in danger.
Certificate Inspector: Missing Fields
DigiCert Certificate Inspector is included as part of the CertCentral BETA program DigiCert announced on April 20, 2015. Although Certificate Inspector is not a new certificate management service, it is still essential for assuring that your SSL Certificates are compliant with industry standards and are deployed correctly. Certificate Inspector helps you make sure your certificates […]
PCI Releases DSS 3.1, Puts Expiration on Weak Encryption
PCI releases DSS version 3.1; SSL and early TLS will no longer be accepted as strong cryptography come June 30, 2016.
IoT Security as a Marketing Advantage
Almost 100% of cars use wireless technology that could be vulnerable to hackers.
OpenSSL Patches 12 Security Vulnerabilities
The new vulnerabilities found in OpenSSL do not affect SSL Certificates, but system administrators should update OpenSSL once patches are available.
FREAK Attack: What You Need to Know
The FREAK attack does not affect SSL Certificates, but admins should disable export-grade ciphers on all servers. Users should install patches for their browsers as they become available.
Superfish-like Behavior Found Again with Komodia and PrivDog
In the last two weeks, we have seen quite a few poor security practices in use with Superfish, Komodia/Lavasoft, and now PrivDog.