Security News

Nubeva Technologies, a cloud visibility SaaS software developer for enterprises with assets in public and private clouds and data centers, announced support for modern endpoint-based decryption. Nubeva TLS Decrypt, a software solution using symmetric key intercept technology, now allows organizations to offload decryption from proxy-based systems to allow full visibility with improved speed, performance and reduced cost.

With TLS 1.0 and TLS 1.1 considered vulnerable to various types of attacks, including BEAST, CRIME and POODLE, the Internet organization last month announced plans to disable them in its popular browser and allow only connections made using TLS 1.2 and TLS 1.3. An override button on the error page will provide users with the option to fallback to TLS 1.0 or TLS 1.1.

Let's Encrypt said it will give users of its Transport Layer Security certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization bug before it revokes them. The popular free certificate authority had given users until Wednesday, March 4, 9:00 p.m. EST to replace 3 million certificates because the bug in its Boulder software-discovered and patched this past Sunday-impacted the way its software checked domain ownership before issuing certificates.

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates.

Starting with 20:00 UTC, today, the non-profit certificate authority Let's Encrypt will begin it's effort to revoke a little over 3 million TLS/SSL certificates that it issued while a bug affected its CA software. "The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let's Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let's Encrypt."

UPDATE. Popular free certificate authority Let's Encrypt said it will revoke 3 million Transport Layer Security certificates Wednesday, because of a Certificate Authority Authorization bug. Let's Encrypt explained on Tuesday it had to revoke the 3 million certificates because of a CAA bug that impacted the way its software checked domain ownership before issuing certificates.

DigiCert, the world's leading provider of TLS/SSL, IoT and PKI solutions, is upgrading channel partners to DigiCert CertCentral Partner, a comprehensive TLS certificate management solution for cloud and hosted environments. CertCentral helps partners customize and automate all stages of certificate lifecycle management for their end customers, as well as easily deliver new features and solutions, while simplifying business management.

That browser makers were voted down might explain why Apple has decided to enforce the change unilaterally, apparently against the wishes of the Certificate Authorities which issue certificates as a business. The browser makers are adamant that reducing validity is good for security because it reduces the time period in which compromised or bogus certificates can be exploited.

Building on a history of delivering high-quality embedded software components, HCC Embedded has added a fully MISRA-compliant TLS 1.3 module to its TCP/IP stack. HCC 's TLS 1.3 builds on its TLS 1.2 offering and its long involvement with TLS to provide advantages to developers in terms of simplicity and robustness that make communication in their critical embedded designs faster and more secure.

We're committed to completely eradicating weak versions of TLS because at Mozilla we believe that user security should not be treated as optional. Although not exactly a household name, TLS is the encryption protocol that makes several types of secure connection possible, including secure versions of SMTP, POP3, FTP and of, course, HTTP. For example, when a browser visits a site using HTTPS, TLS sets up authentication, the exchange of session keys, and agreement on cipher suites.