Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.
Tag Archives: SHA-1
Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation
The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI.
Google Achieves First-Ever Successful SHA-1 Collision Attack
SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful SHA-1 collision attack.
SHA-1 was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like
SHA-1 End Times Have Arrived
Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.
Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11
Microsoft confirmed Feb. 14, 2017 is the cutoff date for SHA-1 support in its Microsoft Edge and Internet Explorer 11 browsers.
Google Removing SHA-1 Support in Chrome 56
Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.
Google to Distrust WoSign, StartCom Certs in 2017
Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.
Mozilla Wants to Drop WoSign as Trusted CA
Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.
Questions Mount Around Yahoo Breach
Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.
Microsoft SHA-1 Deprecation Final Countdown Begins
Microsoft said that with the release of the Windows 10 Anniversary Update this summer, its IE and Edge browsers would no longer display the lock icon for websites using SHA-1 signed certificates.