Category Archives: Secure Browsing

SSL Review: March 2014

March 13, 2014 by Bruce Morton     No Comments

Here is a monthly SSL review of discussions about SSL (and possibly other digital certificates) from the last month. Entrust Identity ON discussed the following: Always-ON SSL Moving to TLS 1.2 Bogus SSL Certificates OCSP Stapling Apple SSL Bug CA Security Council discussed the following: Always-On SSL, Part II Ten Steps to Take If Your [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: Apple, OCSP, SSL

Apple SSL Bug: Test Your Vulnerability, Fix Available Soon

February 24, 2014 by Bruce Morton     No Comments

On Friday, Feb. 21, Apple issued a security bulletin for iOS 7.0.6. There was not much detail in the bulletin, but it did state that the impact was “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” The problem is the result of a coding error where [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: goto fail, iOS, OS X

Network and Desktop Operating Systems Have Too Much Trust

February 5, 2014 by Jason Soroko     1 Comment
This entry is part 1 of 3 in the series Identity Context: Defense's Next Play

This entry is part 1 of 3 in the series Identity Context: Defense’s Next Play Part One: Network and Desktop Operating Systems Have Too Much Trust At Black Hat 2012, John Flynn showed a slide with the text, “The kids these days, they’re hacking the system as a whole.” There is a wide assumption that [Read More...]

Can You Spot a Phishing Email?

December 18, 2013 by Entrust, Inc.     No Comments

This holiday season, buyers everywhere will flock to the Internet to rack up savings on deals and avoid the hassles of shopping in malls and department stores. Unfortunately, shopping online without using caution can lead to great headaches due to the prevalence of criminal activity. One of the most devastating identity theft techniques comes in [Read More...]

Filed Under: Malware, Mobility, Secure Browsing Tagged With: phishing

Top 10 Holiday Scams to Steer Clear of this Season – Part 2

December 16, 2013 by Entrust, Inc.     No Comments

This is Part 2 of a two-part series. To read the first post, click here. Top 10 Holiday Scams to Steer Clear of this Season 6. Order shipment notification When doing your holiday shopping, always make sure that the email notification confirming your order shipment is directly tied to the official company of which you [Read More...]

Chrome Shows SSL Warning for Non-FQDNs

October 17, 2013 by Bruce Morton     No Comments

Entrust completed an internal test recently and was surprised by a warning from Google Chrome version 30. The test case has a Web server with a non-fully registered domain name (non-FQDN) and an SSL certificate from a publicly trusted certification authority (CA). The Chrome browser put an ‘X’ through the lock icon and a cross [Read More...]

How is Your Browser Performing?

October 11, 2013 by Bruce Morton     No Comments

We always discuss SSL deployment best practices. These are the actions the Web server administrator takes. These are important to discuss, because the actions on the few million Web servers will increase the functionality and security of the billions of browser users. However, there are two ends to the SSL connection and there is little [Read More...]

Some Comments on Web Security

June 14, 2013 by Bruce Morton     No Comments

Web security is a topic important to health and viability of the internet. It is crucial for privacy, integrity and authenticity of sites and users alike.

CAs Support Standards and Regulations

May 20, 2013 by Bruce Morton     No Comments

There is an industry myth that certification authorities (CAs) are not regulated. In fact publicly-trusted SSL CAs support the development of industry regulations and have been audited annually to ensure compliance to the many requirements.

Firefox to Block Mixed Content

May 2, 2013 by Bruce Morton     No Comments

Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.