Is it "trivially easy" to get a cert for a domain you don't own?
Betanews just published a story about a security researcher who claims that it is "trivially easy" to get an SSL certificate for a domain you don't own, thereby claiming that certificate authorities are useless. Is this true?
Certified Hype: Government Interception Attacks Against SSL
Two researchers, Christopher Soghoian and Sid Stamm, recently released a paper explaining the possibility of a government interception attack against. While insightful in some ways, it is mostly sensationalist hype that shouldn't cause any alarm.
Explanation from HSBC on why they use EV certificates
Watch the HSBC video and see how HSBC increases security and consumer confidence with VeriSign Extended Validation (EV) SSL Certificates. With more than 80 million customers worldwide accessing 2,000 HSBC Web sites and a rapidly growing demand on internet banking services, there is a constant focus on accessibility, usability and deliverability. That's why HSBC chose VeriSign as its EV SSL security provider.
Do I Need An SSL Certificate For My Website?
You’ve probably heard of encryption, or seen the green address bar of an EV SSL certificate, and wondered "Do I need an SSL certificate on my site?"
Cheap SSL Providers (Who is the cheapest SSL Provider?)
Looking for a cheap SSL provider? Using our database of certificates from the major SSL providers, we have calculated the average cost per certificate.
How to Render SSL Useless
Today, Ivan Ristic gave an interesting presentation at OWASP London entitled "How to Render SSL Useless" including the Top 11 SSL deployment mistakes that render SSL useless.
12 Critical Tips for Safe Online-Shopping During the Holidays
Entrust writes a press release about 12 ways to stay safe when shopping online this holiday season.
MashSSL Alliance Formed to Promote Open Standard for Trust Establishment Between Web Applications
Industry Leaders Including Comodo, DigiCert, Entrust and VeriSign Join Forces to Create Open Standard Based on MashSSL Technology Developed by Application Authentication Pioneer SafeMashups
idAlliance Corporation Releases iManageCerts(TM) Certificate Management Tool
iManageCerts provides organizations with monitoring and maintaining of SSL Certificates and preventing expiration outages.
SSL and TLS Renegotiation Vulnerability Discovered
Details of a new vulnerability involving SSL and TLS has been discovered. The vulnerability involves a flaw in renegotiation and allows man-in-the-middle attackers to surreptitiously introduce text at the beginning of an SSL session.