• SSL News from Black Hat and DEF CON

    I like to follow up each year with the SSL news from Black Hat USA and DEF CON 20. I was just looking for my 2011 follow-up and found out that I never released it. Unfortunately, I started the write up just before the DigiNotar fiasco and never finished it. So what SSL presentations occurred in 2012? Nothing. Well, at

        in Secure Browsing, SSL, SSL Deployment
  • Phishing with SSL

    I read an article from Netcraft about Phishing on sites using SSL certificates. It reminded me that the industry has been working on anti-phishing for many years. In 2005, the SSL industry created the CA/Browser Forum. One of the issues was to create a new SSL certificate that would fight phishing. The result was the Extended Validation (EV) SSL certificate.

        in Secure Browsing, SSL
  • Short-Lived Certificates

    Certificate revocation is a current SSL industry issue. There are many causes to the problem. Some end-users do not have certificate-revocation checking turned on. Browsers support CRL or OCSP, but in some cases not both. The certification authorities (CA) may not provide reliable revocation responses. And what if there are no revocation responses from a CA; should there be a

        in Secure Browsing, SSL, Technical
Page 1 of 3123