Dennis Fisher and Mike Mimoso talk about Google’s decision to drop Chinese CA CNNIC from Chrome’s trust store, the scope of the malvertising threat and Verizon’s super cookie use.
Tag Archives: CA
PrivDog Adware Poses Bigger Risk Than Superfish
Another shady piece of adware called PrivDog has been unearthed with a similar Superfish-type vulnerability that breaks SSL connections.
Mozilla to Support Certificate Transparency in Firefox
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first.
Microsoft Considering Public-Key Pinning for Internet Explorer
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]