ssl

Wed
14
Aug
John Lister's picture

Chrome, Firefox Ditch EV SSL Padlock System

Chrome and Firefox will stop indicating when websites have received an "extra level of verification" to prove they are in fact genuine. The move is largely due to the fact that most users aren't aware of the Extended Validation SSL (EV SSL) system. ... The Extended Validation SSL (secure socket layer) security certificates go beyond the standard SSL certification scheme, which browsers use to show that data being sent to and from a website is in fact encrypted and secure. This means that communication is encrypted, and that no one can eavesdrop or steal data mid-stream. In other words, ... (view more)

Thu
29
Nov
John Lister's picture

Web Users Warned Over Browser Green Padlock Trickery

Security researchers have warned that nearly half of all phishing sites falsely display the browser padlock symbol commonly associated with secure websites. It's a reminder that the browser padlock symbol only covers one aspect of security. Most ... major browsers display the padlock symbol when a website uses a technology, most commonly Secure Sockets Layer (SSL), to encrypt data as it passes between the user's computer and the website, or vice versa. Such sites have an address starting "https://" rather than "http://". The purpose of the padlock symbol is to indicate to the user that the ... (view more)

Tue
06
Nov
John Lister's picture

CPU Hyper-threading Reverse Engineered to Spy on Processes

One of the most useful features in computer hardware has a security flaw. It's to do with the way processors handle information. All computing tasks are reduced down to a set of calculations. The central processing unit (CPU) is the "brain" of the ... computer that physically carries out these calculations. Each modern-day CPU has one or more cores , which is essentially multiple "brains" on a single CPU chip. A multi-core CPU means that multiple calculations can be done at once, which reduces the time to carry out a task. Many processors also use a technique called ... (view more)

Fri
09
Mar
Dennis Faas's picture

Explained: How to Send and Receive Encrypted Emails (Easily!)

Infopackets Reader Tom G. writes: " Dear Dennis, I am trying to send encrypted email to a friend using MS Outlook . To do so, I purchased a digital certificate from Comodo, then imported the certificate into Outlook. I could send my friend digitally ... signed messages which he could read and reply to. He could send me digitally signed and encrypted messages, which I could read and reply to. However, I could not generate an encrypted message; I could only reply to his. I could not create an encrypted message from scratch. When attempting to initiate an encrypted message, I was told ' Microsoft ... (view more)

Fri
21
Apr
Dennis Faas's picture

How to Fix: Windows Mail: 'Your Outlook account settings are out of date' Error

Infopackets Reader Marion L. writes: " Dear Dennis, I am using Windows Mail with Windows 10, and all the sudden I have been getting an error that says 'Your Outlook account settings are out of date' near the top of the screen. I have the option to ... 'Fix Account' or 'Dismiss'. If I click the 'Dismiss' option, I can't receive any emails, then within a few minutes I'll receive the same error that 'Your Outlook account settings are out of date'. If I click 'Fix Account' it tells me 'Something went wrong. We're sorry, but we weren't able to do that', and it gives me an error code 0x80070003. I have ... (view more)

Thu
03
Mar
John Lister's picture

New 'Drown' Bug: Millions of Secure Sites Could be at Risk

An estimated 11 million secure websites could be vulnerable to hackers exploiting a security bug. Amazingly, the bug has to do with technology that is over 20 years old. There's little, if anything website visitors can do as the bug needs fixing by ... site operators. However, it is possible to check if a site appears to be vulnerable. The bug has been dubbed Drown, a name rather tenuously derived from "Decrypting the RSA algorithm with Obsolete and Weakened eNcryption." Researchers who uncovered the bug aren't publishing the precise details. At the moment it's not known if ... (view more)

Wed
25
Nov
John Lister's picture

Dell Ships PCs With Massive Security Risk

Dell has confirmed it shipped computers with a major built-in security flaw. The unintentional move could expose users to a significant risk of hackers accessing their personal data. The issue at hand deals with an exploit in the secure sockets ... layer (SSL). Specifically, Dell has inadvertently shipped PCs and laptops with both a trusted root certificate and key, when only the trusted certificate should have been allowed. The idea behind the mishap was to help identify Dell computers when they were connected to Dell's online support service. In this case, the computer's model number could be ... (view more)

Thu
12
Mar
John Lister's picture

Patch To Fix FREAK Bug is a Must-Install

Microsoft has joined Apple and Google in releasing browser security updates to patch a bug dubbed FREAK. The bug could make it easier for hackers to decrypt data that intercept from website users. The vulnerability of FREAK doesn't allow hackers to ... see data in plain sight. Instead, it allows them to remotely change what's meant to be a secure website connection into an unsecure one, meaning that previously encrypted data would then travel without any encryption. To be of any use, a hacker would need to combine the FREAK exploit with another vulnerability that let them intercept data, ... (view more)

Tue
24
Feb
John Lister's picture

Lenovo, Superfish Spyware Prompts Class Action Suit

PC manufacturer Lenovo may have to defend a class action lawsuit after it reportedly sold notebook computers that contained unwanted adware. The lawsuit follows the revelation that the adware had the potential to spy on users. The case involves a ... piece of software called Superfish. It was designed to look at images users were viewing online, identify items, find websites selling the item at a cheap price, and display an offer in a pop-up window. The software came pre-installed on some Lenovo notebook PCs and integrated with multiple browsers. Superfish came under several different categories ... (view more)

Wed
09
Apr
John Lister's picture

Zero-Day SSL Flaw: Change All Passwords, Experts Say

A massive number of websites could be affected by a critical security flaw used in conjunction with web sites and web browsers. Experts suggest that all web users change their passwords to all major web sites (including banking, social media, etc) - ... but doing so comes with a number of caveats. The security flaw is related to SSL (secure sockets layer) and is expected to affect approximately six percent of all websites world-wide. According to a recent survey that reviewed approximately 959 million websites, "66% ... are powered by technology built around SSL, and that doesn't include ... (view more)

Pages

Subscribe to RSS - ssl