Security News

Let’s Encrypt to Revoke Millions of TLS Certs
2020-03-03 20:13

UPDATE. Popular free certificate authority Let's Encrypt said it will revoke 3 million Transport Layer Security certificates Wednesday, because of a Certificate Authority Authorization bug. Let's Encrypt explained on Tuesday it had to revoke the 3 million certificates because of a CAA bug that impacted the way its software checked domain ownership before issuing certificates.

DigiCert introduces upgraded TLS certificate, business manager for channel partners
2020-02-27 17:44

DigiCert, the world's leading provider of TLS/SSL, IoT and PKI solutions, is upgrading channel partners to DigiCert CertCentral Partner, a comprehensive TLS certificate management solution for cloud and hosted environments. CertCentral helps partners customize and automate all stages of certificate lifecycle management for their end customers, as well as easily deliver new features and solutions, while simplifying business management.

Apple chops Safari’s TLS certificate validity down to one year
2020-02-24 11:42

That browser makers were voted down might explain why Apple has decided to enforce the change unilaterally, apparently against the wishes of the Certificate Authorities which issue certificates as a business. The browser makers are adamant that reducing validity is good for security because it reduces the time period in which compromised or bogus certificates can be exploited.

HCC Embedded adds MISRA-compliant TLS 1.3 module to its TCP/IP stack
2020-02-17 02:00

Building on a history of delivering high-quality embedded software components, HCC Embedded has added a fully MISRA-compliant TLS 1.3 module to its TCP/IP stack. HCC's TLS 1.3 builds on its TLS 1.2 offering and its long involvement with TLS to provide advantages to developers in terms of simplicity and robustness that make communication in their critical embedded designs faster and more secure.

Mozilla issues final warning to websites using TLS 1.0
2020-02-12 16:13

We're committed to completely eradicating weak versions of TLS because at Mozilla we believe that user security should not be treated as optional. Although not exactly a household name, TLS is the encryption protocol that makes several types of secure connection possible, including secure versions of SMTP, POP3, FTP and, of course, HTTP. For example, when a browser visits a site using HTTPS, TLS sets up authentication, the exchange of session keys, and agreement on cipher suites.

Firefox 74 Will Disable TLS 1.0 and TLS 1.1 by Default
2020-02-11 12:11

An improvement over the Secure Sockets Layer protocol, TLS is meant to improve the security of the Web, but flaws and weaknesses in older iterations, specifically TLS 1.0 and TLS 1.1, render connections vulnerable to attacks such as BEAST, CRIME and POODLE. The newer TLS 1.2 and TLS 1.3 versions are both faster and safer, and major browser vendors have already laid out plans to deprecate the older releases to ensure the security of their users. Mozilla has already introduced the change in Firefox Beta 73, in which the minimum TLS version allowable by default is TLS 1.2.

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to 'eradicate' weak HTTPS standard by blocking it
2020-02-10 19:47

Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 - and plans to eventually block those weak HTTPS connections entirely. Web servers should really be using TLS 1.2 or 1.3 for their encrypted and secure HTTPS connections.

Leaving your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things
2020-01-20 21:23

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices.

Android Ups the Mobile Security Ante with Default TLS Encryption
2019-12-03 18:00

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.

The NSA Warns of TLS Inspection
2019-11-22 12:16

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that...