Lucene search
+L

99 matches found

ThreatPost
ThreatPost
added 2016/12/13 9:0 a.m.16 views

Facebook Releases Free Certificate Transparency Monitoring Tool

The movement toward Certificate Transparency CT has brought about a healthy improvement, not only in the way organizations monitor and audit TLS certs, but also in cutting down the number of malicious or mistakenly issued certificates. CT, a framework developed by Google, works because Certificat...

6.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2016/10/29 6:0 a.m.11 views

Google to Make Certificate Transparency Mandatory By 2017

Google is making Certificate Transparency mandatory for its Chrome web browser by October 2017. Google software engineer Ryan Sleevi made the announcement in conjunction with the CA/Browser Forum that took place in Redmond, Washington last week. The move is an attempt to reduce the number of doma...

0.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2016/08/29 6:49 a.m.14 views

Chinese Certificate Authority 'mistakenly' gave out SSL Certs for GitHub Domains

A Chinese certificate authority CA appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain. The certificate authority, named WoSign, issued a base certificate for the Github domains to an...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2016/04/11 5:27 a.m.15 views

How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, which protects sensitive...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2016/04/11 4:6 a.m.15 views

What is Certificate Transparency? How It helps Detect Fake SSL Certificates

Do you know there is a huge encryption backdoor still exists on the Internet that most people don't know about? I am talking about the traditional Digital Certificate Management System… the weakest link, which is completely based on trust, and it has already been broken several times. To ensure t...

6.9AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2015/10/29 12:0 a.m.8 views

Misissued certificates

Security Misissued certificates Share October 29th, 2015 Recently, Google found a google.com pre-certificate in a CT log, without having ordered one. This lead to a series of incidents, also involving Opera and its security team. The backstory Google promptly contacted Symantec who had issued the...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
ThreatPost
ThreatPost
added 2015/04/14 12:26 p.m.10 views

DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud

It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/01/27 10:25 a.m.9 views

Venafi to Launch Certificate Transparency Log

Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by...

0.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/01/12 10:35 a.m.8 views

Certificate Transparency Moves Forward With First Independent Log

The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicat...

Exploits0References3
ThreatPost
ThreatPost
added 2014/12/17 1:57 p.m.12 views

Google Releases End-To-End Chrome Extension to Open Source

Google yesterday announced that it has released the source code for its End-to-End extension for Chrome to open source via GitHub. End-to-End enables Gmail users to encrypt, sign and verify email messages within the Chrome browser, using OpenPGP. “We’ve always believed strongly that End-To-End mu...

7.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/12/11 7:0 a.m.9 views

Mozilla to Support Certificate Transparency in Firefox

Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first. Certificate Transparency is a proposal from engineers at Google that would help resolve some of the issues with...

0.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/08/07 3:0 p.m.9 views

Yahoo to Release End-to-End Encryption for Email Users

LAS VEGAS–Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use. Alex Stamos, CISO at Yahoo, said that the project has been ...

7.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/07/15 1:25 p.m.20 views

SSL Black List Aims to Publicize Certificates Associated With Malware

Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new...

1.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2014/07/09 6:47 a.m.23 views

Google catches Indian Government Agency with Fake Digital Certificates

Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre NIC of India, a unit of India’s Ministry of Communications and Information Technology. National Informatics Center NIC holds several intermediate Certification...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2014/04/03 10:26 a.m.7 views

Yahoo Encrypts Data Center Communication Links

Yahoo certainly has taken its share of knocks during the past nine months of surveillance revelations and Snowden leaks for its encryption shortcomings. But the bruises are healing and the company is slowly working its way back into good graces. After months of being an encryption laggard, Yahoo...

7AI score
Exploits0References5
The Hacker News
The Hacker News
added 2014/04/03 4:53 a.m.11 views

YAHOO! Now Encrypts Everything; Encrypted Yahoo Messenger Coming Soon

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automaticall...

6.4AI score
Exploits0
ThreatPost
ThreatPost
added 2014/02/27 6:26 p.m.11 views

Fixing Trust Through Certificate Transparency

SAN FRANCISCO–The security of data being transmitted over the Web relies on a large number of moving parts, from the integrity of the machine sending the data, to the security of the browser, to the implementation of encryption, to the fragility of the certificate authority system. Experts have...

7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2013/12/09 12:16 p.m.7 views

French Government Impersonates Google Digital Certificate

Google last week revoked digital certificates for some of its domains that had been fraudulently signed by an intermediate certificate authority with links to France’s cyber-defense agency. The Agence Nationale de la Sécurité des Systèmes d’Information ANSSI claims that the spoofed Google...

1.8AI score
Exploits0
ThreatPost
ThreatPost
added 2013/09/10 10:35 a.m.13 views

GlobalSign Commits to Certificate Transparency Framework

If you were going to try and determine who has had a worse go of it recently, the NSA or certificate authorities, you’d likely have to just flip a coin. And the coin would probably end up balanced on its edge. While the National Security Agency is scrambling to respond to and recover from the...

6.7AI score
Exploits0References6
Rows per page
Query Builder