As the original root certificates begin to expire, more and more networked devices, including smart devices and Internet of Things (IoT) devices, will stop working. They won't be able to connect to online services unless they are updated, and that is easier said than done.
The question of shortening the validity period for TLS certificates is back in front of the CA/Browser Forum. CAs still oppose it and browser makers are still for it.
There used to be a time when malware signed with a legitimate certificate was the mark of a sophisticated, nation-state-backed attacker. Now anyone can have signed malware.
The CA Security Council's London Protocol attempts to address the problem of phishing sites with legitimate SSL/TLS certificates, but the initiative perpetuates the myth that the pricier EV certificates are more secure than DV certificates.
Mining Certificate Transparency logs can help uncover phishing sites using spoofed domain names, but it’s hard to do. Facebook has updated its Certificate Transparency Monitoring tool to notify website owners when their sites are being spoofed for malicious use.