SSL certificate safety bolstered by standards that lessen dependence on CAs

Two new proposals have come forward that look to make a gradual, compatible transition away from the current model possible. One is called Public Key Pinning Extension for HTTP, while another is called Trust Assertions for Certificate Keys (TACK). Both proposals are in draft form with the IETF and there are many technical details not covered here. For sites that would support these new extensions, they could offer an extra digital signature of their certificate signed by the site owner. This means an attacker wishing to perform a man-in-the-middle attack would have to compromise a certificate authority, but also compromise the private key possessed by the web site operator.

Source: https://nakedsecurity.sophos.com/2012/06/01/ssl-certificate-safety-bolstered-by-standards-that-lessen-dependence-on-cas/
