
Sophos Techknow - Understanding SSL


To many of us, SSL isn't much more than "the padlock in the browser." But how does it work? Who verifies SSL certificates? How do we know we can trust them? What happens if we realise we can't?

Duck and Chet discuss all this, and more, in this episode of the Techknow podcast.

Google and EFF propose improvements to HTTPS as GlobalSign releases CA breach report


GlobalSign released their report on the security incident the certificate authority suffered earlier this year. They're clean, but that doesn't take the spotlight off of the need for a fix to the SSL certificate trust system that is in place.

Apple releases OS X 10.7.2 and iOS 5 with enormous security patch


A comprehensive look at the security updates in iOS 5 and OS X Lion 10.7.2. In addition to new features for iOS users, many critical fixes are present.

End of the road for DigiNotar as bankruptcy declared


DigiNotar, the Dutch certificate authority which hackers compromised and used to generate hundreds of bogus web security certificates, has filed for bankruptcy.

Microsoft reissues update for Win XP/2003 for DigiNotar certificate revocation


Microsoft has reissued a security update to remove DigiNotar's certificates from Windows XP and Windows 2003 after a mistake in last week's Patch Tuesday failed to remove the most important certificates that were being abused.

SSCC 72 - DigiNotar, DNS hijacking and Firesheep v2

Sophos Security Chet Chat 41

Mike Wood, a Senior Threat Researcher with SophosLabs, is Chet's guest. They discuss the upcoming Patch Tuesday and the new Firesheep, and go in depth on the recent troubles at certificate authority DigiNotar.

Apple fakery, DNS hack, DigiNotar, Linux, Wikileaks - 60 Sec Security


Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month.

So here you go. 60 Second Security, once every two weeks.

GlobalSign gives itself clean bill of health after Iranian hacker's braggadocio


Digital certificate authority GlobalSign rather gutsily took itself out of business last week following a burst of online braggadocio from an Iranian hacker claiming to have "owned" the company.

GlobalSign is back. Looks like the self-serving hacker was nothing more than that.

Apple releases update to remove DigiNotar from trusted list


Apple have released an update for OS X Lion and Snow Leopard to revoke the digital certificates that were compromised by hackers at DigiNotar last week. Be sure you are currently on 10.6.8 or 10.7.1 for full protection.

Google tells Iranian users to check if their Gmail accounts have been hacked

Google tells Iranian users to check their Gmail accounts haven't been hacked

Google is advising *all* its users in Iran to change their Gmail passwords, and check that their accounts have not been compromised.

GlobalSign stops issuing SSL certificates in response to Iranian hacker


Digital certificate authority GlobalSign, the fifth largest issuer of SSL certificates, ceased signing new certificates today after accusations by an Iranian hacker that they are compromised.

Firefox 6.0.2 fixes yet more DigiNotar certificate fallout


Firefox 6.0.2 has just come out, blocking even more browser certificates than Firefox 6.0.1, in yet more fallout from the mess caused by disgraced Dutch web security company DigiNotar.

Microsoft revokes DigiNotar certificates from Windows, Mac users still vulnerable


Microsoft has permanently revoked all five certificates belonging to DigiNotar for Windows users. In addition to Windows 7 and Vista, the new release also provides protection for users of Windows XP. Users of Windows should check for updates and apply this patch as soon as possible.

Operation Black Tulip: Fox-IT's report on the DigiNotar breach


A preliminary report was released today by Fox-IT, the security team investigating the attack against certificate authority DigiNotar. Many interesting details are included about the hack, including more indications that it primarily affected Iranian users.

SSL certificate debacle includes CIA, MI6, Mossad and Tor


Over 500 falsely signed certificates have now been identified, and browser makers are permanently removing DigiNotar as a trusted certificate authority. The targeted organizations are far-reaching, including the CIA and MI6.

Google blacklists 247 certificates. Is it related to DigiNotar hacking incident?


Google has blacklisted over 200 certificates seemingly related to the DigiNotar hacking incident. What is the full extent of this breach, and who else may have been targeted?