Security News

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
2020-09-01 09:51

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
2020-09-01 05:25

Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months. The lifespan of SSL/TLS certificates has shrunk significantly over the last decade.

ISO defines standard approach to embed LEIs within digital certificates
2020-08-20 00:00

ISO has defined a standard approach for Certification Authorities to embed Legal Entity Identifiers within digital certificates. The move to simplify LEI integration paves the way for all digital certificates to be linked by a universal identifier to verified and regularly updated entity reference data, in a freely accessible repository, and also can contain the certificate owner's role within a legal entity.

DigiCert Automation Gateway: Securely monitor, automate and process certificate lifecycle events
2020-08-05 00:15

DigiCert Automation Gateway launches with integration into DigiCert CertCentral in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organizations the confidence to widely deploy automation protocols within their company networks to provide greater agility.

Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans
2020-07-14 03:48

Mozilla is the latest browser maker to have announced updated policies that would reduce the lifetime of TLS certificates. Currently, SSL/TLS certificates have a maximum lifespan of 825 days in an attempt to ensure better protection of HTTPS connections, browser makers such as Apple, Google and Mozilla are looking into reducing that period to 398 days.

Digicert revokes a raft of web security certificates
2020-07-13 14:36

Digicert is one of the Big Five commercial CAs, short for certificate authorities - companies that sign and vouch for the digital certificates that put the the S in HTTPS and the padlock in your browser's address bar. The simplest form of web certificate is called self-signed, and anyone can create a self-signed certificate in seconds that claims to represent any web property they like.

Digicert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle
2020-07-10 00:29

A notice emitted by the certificate biz explained that a number of its intermediate certificate authorities had issued EV certs to customers despite not being included in DigiCert's WebTrust audits - which goes against the rules for EV certs. "Although there is no security threat, the EV Guidelines require that we revoke EV certificates signed by the affected ICAs by July 11, 2020 at 12pm MDT.".

Google joins Apple in limiting web certificates to one year
2020-06-30 16:53

Google, it seems, is joining Apple in limiting the maximum validity of web security certificates - those digitally signed blobs of data that put the S in TLS and the padlock in your address bar - to just one year. Others ask why a year is seen as "Too long" given that certificate authorities such as Let's Enrcypt are already issuing certificates that are only valid for three months at a time, thanks to a smoothly automated process for renewal.

Expiring security certificates may start shutting down IoT devices
2020-06-25 18:46

A security expert predicts trouble ahead for IoT device makers and customers due to expired root SSL certificates. Dunlap and cyber security specialists are tracking the impact of expiring Certificate Authority root SSL certificates on smart devices, including smart TVs, fridges, lightbulbs, and other IoT devices.

The state of OpenPGP key servers: Kristian, can you renew my certificate? A month later: Kristian? Ten days later: Too late, it’s expired
2020-06-24 00:05

"Hi all, Has anyone seen or heard from Kristian in the last month or so?" asked Todd Fleisher earlier this month - in fact, 11 June - on the main mailing list for an important cluster of OpenPGP key servers. Fiskerstrand, who had seemingly gone AWOL, issues cryptographic certificates to servers that join the SKS keyserver pools, allowing these volunteer machines to share the load in securely handling key lookup requests.