Tag Archives: Firefox

Firefox to Block Mixed Content

May 2, 2013 by Bruce Morton     No Comments

Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.

Should You Use SHA-2?

December 11, 2012 by Bruce Morton     1 Comment

A common question we receive from certificate customers: should we ask Entrust to sign our certificate with a signature using the SHA-2 hashing algorithm?

HTTPS Everywhere 3.0

October 11, 2012 by Bruce Morton     No Comments

The Electronic Frontier Foundation (EFF) has released HTTPS Everywhere 3.0.

Stopping CRIME Attacks

September 13, 2012 by Bruce Morton     No Comments

This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression [Read More...]

Speculation on CRIME

September 12, 2012 by Bruce Morton     No Comments

The SSL industry is waiting for the Ekoparty Security Conference next week to find out more details on the CRIME SSL/TLS attack. Speculation by SSL/TLS experts? The attack is based on TLS compression. Thomas Pornin made this post on IT Security of his guesses on how compression could be used in an attack. This also [Read More...]

CRIME Attack on SSL/TLS

September 10, 2012 by Bruce Morton     No Comments

The security researchers who brought us BEAST now have a new SSL/TLS attack: CRIME. I would like to know what the acronym CRIME stands for, but we’ll probably have to wait until Juliano Rizzo and Thai Duong present their work at Ekoparty Security Conference later this month. Little information about the attack has been published. [Read More...]

Firefox’s Lock Icon is Back

September 4, 2012 by Bruce Morton     No Comments

I’m a little late with this blog item. Maybe it was because it was a great summer or maybe it’s because I don’t use Firefox or maybe it’s because … Firefox 14.0 released in June 2012 and the SSL lock symbol is back. I wrote a blog last year where the beta of Firefox 4.0 [Read More...]

Filed Under: Secure Browsing, SSL Tagged With: FirefoxFirefox, SSL, visual indicators

HSTS Update

July 16, 2012 by Bruce Morton     No Comments

HTTP Strict Transport Security (HSTS) will soon be finalized and available in an IETF standard. The request for comment (RFC) is at version 11 and the IESG has put out a last call for comments. HSTS is a security policy mechanism where a Web server tells a supporting browser that it can only connect to [Read More...]

Google Rethinks Revocation

March 7, 2012 by Jon Callas     No Comments

Google has decided in Chrome that they’re going to take a different approach to certificate revocation. Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far. Revocation is a difficult task. It [Read More...]

Don’t fear the BEAST

October 25, 2011 by Jon Callas     No Comments

A few weeks ago, Juliano Rizzo and Thai Duong published a paper on an SSL attack that they call BEAST, which decrypts parts of an SSL connection. Before I discuss it at length, let me cut to the chase on it. Q: Is this something that you need to worry about? A: No. Here’s a [Read More...]

Filed Under: Secure Browsing, SSL Tagged With: Chrome, Firefox, IE