Security News

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
2023-08-11 12:22

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday.

Microsoft Sharepoint outage caused by use of wrong TLS certificate
2023-07-24 22:46

Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main.com domains for the Microsoft 365 services. At approximately 3:08 PM ET today, a Microsoft 365 advisory 'SP659992' warned that users may be unable to access SharePoint Online and OneDrive for Business.

An Untrustworthy TLS Certificate in Browsers
2022-11-10 15:18

Most western nations like America, Australia etc have legislation "To compell" in one way or abother. Others have placed staff in CA's or by financial manipulation have gained sympathetic help.

Microsoft fixes TLS handshake failures in Windows 11 22H2
2022-10-26 16:54

Microsoft has addressed a known issue that triggers SSL/TLS handshake failures on client and server platforms with the release of the KB5018496 preview cumulative update. [...]

cert-manager: Automatically provision and manage TLS certificates in Kubernetes
2022-10-24 03:30

Cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies the process of obtaining, renewing, and using those certificates. Cert-manager is an open-source project that automates the issuance and renewal of X.509 certificates for cloud-native Kubernetes or OpenShift environments.

Microsoft fixes Windows TLS handshake failures in out-of-band updates
2022-10-17 21:41

Microsoft has issued an out-of-band non-security update to address an issue triggering SSL/TLS handshake failures on client and server platforms. "We address an issue that might affect some types of Secure Sockets Layer and Transport Layer Security connections. These connections might have handshake failures," Microsoft explains.

THE TLS CERTIFICATE MANAGEMENT BEST PRACTICES CHECKLIST
2022-10-14 00:00

In the last year, 60% of organizations suffered a certificate related outage that impacted their critical business applications. These outages are now costing large corporations an average of $5,600 per minute, damaging reputation and growth rates.

China upgrades Great Firewall to defeat censor-beating TLS tools
2022-10-06 03:31

China appears to have upgraded its Great Firewall, the instrument of pervasive real-time censorship it uses to ensure that ideas its government doesn't like don't reach China's citizens. Great Firewall Report, an organization that monitors and reports on China's censorship efforts, has this week posted a pair of assessments indicating a crackdown on TLS encryption-based tools used to evade the Firewall.

Russian Pushing New State-run TLS Certificate Authority to Deal With Sanctions
2022-03-15 20:11

The Russian government has established its own TLS certificate authority to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country's unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they get revoked or expired.

Microsoft Azure DevOps revives TLS 1.0/1.1 with rollback
2022-03-15 19:24

Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out support for TLS 1.0/1.1 because of the risk of protocol downgrade attacks and other TLS vulnerabilities outside Microsoft's control. TLS downgrade attacks aim to turn strong, more recent versions of TLS into weaker, earlier versions of the protocol to facilitate further exploitation.