7 matches found
mkcert: valid HTTPS certificates for localhost
or for any other names The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happenin...
Groundbreaking Cyber Fast Track Research Program Ending
VANCOUVER–When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously...
CAs Form New Alliance to Focus on Security Issues, Education
A group of large certificate authorities, including some that have been the victims of recent compromises of their CA systems, have formed an alliance designed to develop strategies for strengthening the CA infrastructure through education and industry initiatives. Comodo, DigiCert, Entrust,...
Moxie Marlinspike on TACK, Convergence and Trust Agility
Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better...
DigiNotar Hacker Says He Has GlobalSign Database Backups, Other Data
As GlobalSign continues the investigation into the claimed compromise of its CA infrastructure, the attacker who says he breached DigiNotar and Comodo said in another message on Pastebin Wednesday that not only did he hack GlobalSign, but he has the private key used to sign the certificate for th...
Comodo, DigiNotar Attacks Expose Crumbling Foundation of CA System
There are a lot of things in the security world that are broken and there isn’t room to list them all, even on the Internet. But if the events of the last few days have shown us anything, it’s that the certificate authority infrastructure is beyond broken and there’s no quick fix looming on the...
DigiNotar Says Its CA Infrastructure Was Compromised
VASCO, the parent company of DigiNotar, says that the fraudulent certificate for Google’s domains that the certificate authority issued was just one of many such bogus certificates it handed out in recent months, and blamed the growing scandal on an attack on its CA infrastructure. In a statement...