CA

Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France

Google just announced the discovery of a bunch of fake SSL certificates for some of its own domains. The bogus certificates were apparently signed by the certificate authority of the French Treasury.

Paul Ducklin looks at how this sort of blunder happens, and how to spot it if it ever happens to your company...

The TURKTRUST SSL certificate fiasco - what really happened, and what happens next?

Was the TURKTRUST SSL fiasco an abortive attempt at secret surveillance, or a blundering crisis of convenience?

Paul Ducklin takes stock of the situation...

Android developers - just how much can we trust them to do web security properly?

Six German academics have taken on the question, "Just how well-informed are Android developers, and how much can we trust them to do web security properly?"

It seems the answer is, "Not enough."

Sophos Techknow - Understanding SSL

To many of us, SSL isn't much more than "the padlock in the browser." But how does it work? Who verifies SSL certificates? How do we know we can trust them? What happens if we realise we can't?

Duck and Chet discuss all this, and more, in this episode of the Techknow podcast.

Apple fakery, DNS hack, DigiNotar, Linux, Wikileaks - 60 Sec Security

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month.

So here you go. 60 Second Security, once every two weeks.

Firefox 6.0.2 fixes yet more DigiNotar certificate fallout

Firefox 6.0.2 has just come out, blocking even more browser certificates than Firefox 6.0.1, in yet more fallout from the mess caused by disgraced Dutch web security company DigiNotar.

DEFCON 2011: SSL and the future of authenticity

Moxie Marlinspike proposed a solution to the ongoing trust problems in the SSL protocol. Marlinspike's solution, Convergence, uses a series of notaries to provide a framework for detecting man-in-the-middle attacks while eliminating the need to purchase digital certificates or rely on certificate authorities.