A bug in GoDaddy’s domain validation process forced the registrar to revoke SSL certificates and reissue certs for more than 6,000 customers.
Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.
Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.
Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.
Facebook has put developers on notice that as of Oct. 1, apps that do not support SHA-2 will no longer connect to its network.
DigiCert explains why it issued a signed certificate to Facebook’s .Onion Tor domain, noting it may offer more hidden services certs in the future.
Mozilla announced that it will begin phasing out support for SHA-1 certificates, and will no longer trust them after Jan. 1, 2017.
Data compiled from Rapid7’s Project Sonar scan found 107,000 websites running 1024-bit CA certificates that will soon be untrusted as Mozilla announces it will no longer support the shorter, weaker keys.