On Tuesday, the CEO of UK certificate reseller Trustico decided to settle an argument with DigiCert executive VP Jeremy Rowley by emailing him the private keys for 23,000 TLS certificates that had been issued by Symantec's disgraced Certificate Authority, to prove they had been compromised.
Cloudflare's joint research with "a large e-commerce site" and Mozilla found that between 4-10% of secure, encrypted web connections are "intercepted," largely by corporate antivirus software that inserts its own certificates into users' browsers, allowing it to scan all traffic entering workers' computers.
In 2012, Google introduced Certificate Transparency, an internet-wide tripwire system designed to catch cryptographic "certificate authorities" who abused their position to produce counterfeit credentials that would allow criminals, governments and police to spy on and tamper with secure internet connections.
In 2012, Google rolled out Certificate Transparency, a clever system to spot corrupt "Certificate Authorities," the entities who hand out the cryptographic certificates that secure the web. If Certificate Authorities fail to do their jobs, they put the entire electronic realm in danger -- bad certificates could allow anything from eavesdropping on financial transactions to spoofing industrial control systems into accepting malicious software updates.
An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside a red triangle and the letters HTTP next to the web addresses of non-HTTPS sites.
The world's most sophisticated security experts have been bombarded with recruiting offers from UAE-based company Darkmatter, which bills itself as a major state security contractor -- but people who've taken the bait say they were then told that they were being hired to weaponize huge arsenals of zero-day vulnerabilities so that the UAE can subject its own population to fine-grained, continuous surveillance.