Microsoft is upping its game with regard to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on notice to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.
Another Certificate Authority has been caught out having issued certificates that were being used to impersonate Google. Does the SSL padlock not mean we are safe anymore?
Two new proposals have been submitted to the IETF attempting to fix some of the trust problems inherent in the current SSL certificate system used to secure our online communications.
GlobalSign released their report on the security incident the certificate authority suffered earlier this year. They're clean, but that doesn't take the spotlight off the need for a fix to the SSL certificate trust system that is in place.
Mozilla has revoked the signing privileges of another certificate authority for issuing weak and incomplete SSL/TLS certificates.
DigiNotar, the Dutch certificate authority which hackers compromised and used to generate hundreds of bogus web security certificates, has filed for bankruptcy.
Microsoft has permanently revoked all five certificates belonging to DigiNotar for Windows users. In addition to Windows 7 and Vista, the new release also provides protection for users of Windows XP. Users of Windows should check for updates and apply this patch as soon as possible.
A preliminary report was released today by Fox-IT, the security team investigating the attack against certificate authority DigiNotar. Many interesting details are included about the hack, including more indications that it primarily affected Iranian users.
Over 500 falsely signed certificates have now been identified and browser makers are permanently removing DigiNotar as a trusted certificate authority. The targeted organizations are far-reaching, including the CIA and MI6.
Google has blacklisted over 200 certificates seemingly related to the DigiNotar hacking incident. What is the full extent of this breach, and who else may have been targeted?
A rogue certificate was found in the wild more than a month after it was issued, allowing someone to masquerade as SSL-enabled Google services. Where did this certificate come from, who was using it and what can you do to protect yourself?
Moxie Marlinspike proposed a solution to the ongoing trust problems in the SSL protocol. Marlinspike's solution, Convergence, uses a series of notaries to provide a framework for detecting man-in-the-middle attacks while eliminating the need to purchase digital certificates or rely on certificate authorities.