The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns.
Tag Archives: CA
Half of Chrome Pageloads are HTTPS
Google said that more than half of pageloads on Chrome across platforms are encrypted; Android as the lone laggard, but trending upward.
Google to Distrust WoSign, StartCom Certs in 2017
Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.
Apple To Block WoSign Intermediate Certificates
Apple said over the weekend it would soon distrust certificates issued by WoSign’s Free SSL Certificate G2 intermediate CA on macOS.
Amazon Certificate Manager Brings Free SSL Certs to AWS Users
Amazon’s new Certificate Manager is providing SSL certificates for free to AWS customers but experts warn it’s only a matter of time before they’re exploited.
Comodo Issues Eight Forbidden Certificates
Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.
Let’s Encrypt Hits Another Free HTTPS Milestone
Let’s Encrypt hit a milestone last night when it received the cross-signatures necessary to render its beta-and free-certificates trusted by all browsers.
OpenSSL Patches Critical Certificate Validation Vulnerability
A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.
Mozilla to Remove Turkish CA From Firefox Trust Store
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]
DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]