
Anatomy of a certificate problem - the "PrivDog" software in the spotlight

The bug's now fixed, but when software offers to make your secure transactions more secure... don't expect things to work the other way around!

Google and EFF propose improvements to HTTPS as GlobalSign releases CA breach report

GlobalSign gives itself clean bill of health after Iranian hacker's braggadocio

GlobalSign has released its report on the security incident the certificate authority suffered earlier this year. They're clean, but that doesn't take the spotlight off the need for a fix to the SSL certificate trust system that is in place.

Operation Black Tulip: Fox-IT's report on the DigiNotar breach


A preliminary report was released today by Fox-IT, the security team investigating the attack against certificate authority DigiNotar. Many interesting details are included about the hack, including more indications that it primarily affected Iranian users.

SSCC 54 - Firefox, MySQL hacked, Comodo and Facebook

Sophos Security Chet Chat 41

Michael Argast joins Chet for a HUGE Chet Chat this week. They primarily cover Facebook's new SSL/anti-likejacking, Comodo SSL hack, Firefox 4 and the SQL injection attacks against MySQL and Sun/Oracle. Extra: Don't miss the blooper of Chet mistakenly calling this Chet Chat 55... That's next week.

Comodo hacker outs himself, claims "no relation to Iranian Cyber Army"


An Iranian hacker admits to the recent security breach at Comodo SSL. Aside from his delusional ramblings, it appears he may in fact be the hacker who compromised their systems, and he reveals how easy the task really was.

Fraudulent certificates issued by Comodo, is it time to rethink who we trust?


Today, Microsoft issued a Security Advisory warning that fraudulent digital certificates were issued by the Comodo Certificate Authority. This could allow malicious spoofing of high profile websites, including Google, Yahoo! and Windows Live.