Below we have a collection of Blog posts written by our in-house SSL/TLS and Security Experts, and also a collection of guest posters we invite every so often. In addition, you can find guides for installation and configurations, the best ways to secure your systems, fixes to common problems or updates to the industry.
SSL/TLS is the bedrock of modern security. Just about all security strategies involve it or chain back to it at some point. At its core, the contract is this: something encrypted with a user’s public key can only be decrypted by the corresponding private key, and something encrypted with the user’s private key can only be decrypted by the corresponding public key. From this we derive digital sig… [read more →]
Pretty much everyone in the digital age has access to multiple services requiring authentication. Most modern workplaces have some sort of centralized authentication source, so at least there’s only one set of credentials to remember. Still, typing in these credentials repeatedly is burdensome for the user. An answer to this problem is browser-based federation, leveraging bearer tokens (something a… [read more →]
In the recent past, web security has undergone a series of upgrade to more secure strategies advocating the use of HTTPS encryption features. In November 2017, Google announced that they will implement some changes in their Chrome web browser. True to their word, Google released Chrome 68 in July this year. The browser comes with an additional feature that marks any HTTP site as insecure, with… [read more →]
The London protocol refers to a treaty or agreement signed in London. One such agreement was recently signed with the aim of minimizing phishing activities on identity websites and improving management assurance. The protocol was launched by the Certificate Authority Council (CASC). A rise in phishing attacks motivated CASC certificate authorities to develop the London protocol. The objective of… [read more →]
Currently there is a lot of talk and upset customers in the online security field due to over 23,000 Certificate suddenly being revoked. Below is an outline of the events within the last month leading to this event. On February 2nd an official at DigiCert received a request from Trustico to revoke over 50,000 Certificates that had been issued through the reseller Trustico. DigiCert then needed to… [read more →]