SSL News
Kaminsky DNS Flaw + Domain Validated SSL = Phisher's Paradise
The recent news about a DNS flaw discovered by Dan Kaminsky has been highly publicized and the details of the flaw have even been released. How does this new flaw open up phishing attacks using Domain Validated SSL Certificates?
Do EV Certificates Just Enhance The Bottom Line?
Mike Fratto posted an article in Information Week about how EV certificates don't increase trust. He claims that they only help line the pockets of certificate authorities like VeriSign.
Don’t be a Victim of DNS Security Holes
The details of the new DNS attack discovered by Dan Kaminsky were recently leaked. Make sure you are safe by checking whether your ISP's DNS servers are vulnerable.
Is Mozilla's SSL policy bad for the Web?
Nat Tuck Thu has posted about how Mozilla's policy of displaying harsh warning when a site uses an untrusted certificate is causing many sites to not use SSL when they should be.
GlobalSign Launches SSL Deployment Technology
GlobalSign leading provider of online security solutions, has announced "AutoCSR" and "One-Click SSL" two new SSL deployment technologies that will revolutionize the way hosting companies provision SSL Certificates to hosting customers.
What Would It Take To Have Open CA Authorities?
The Slashdot crowd has opened a discussion about the possibility of a free, open Certificate Authority. A few pointed out the currently free alternative CAs and their problems while many brought it back to the purpose of SSL and a Public Key Infrastructure.
Who is using the latest web browser?
New research paper shows that as of June 2008, only 59.1% percent of Internet users worldwide use the latest major version of their preferred web browser. How does using the latest browser affect your online security?
Google Releases Web Application Security Tool ratproxy
Google has released a web application security tool to find potential vulnerabilities in your web applications.
SSL Added to Pirate Bay
In order to combat new Swedish wiretaps, Pirate is adding SSL to the site.
When are self-signed certificates acceptable?
This question was posted on Slashdot and it solicited many different responses. A lot of people are confused about the purpose of SSL certificates.