• SSL Review: June 2014

    Part 5 of 7 in the Series — SSL Review
    Entrust’s monthly SSL review discussions — and likely other digital certificates — recaps news, trends and opinions from the industry. Entrust and CA Security Council Entrust Identity ON discussed: OpenSSL Team Warns of New MITM Vulnerability CA Security Council discussed: Benefits of Elliptic Curve Cryptography OCSP Must-Staple Hot Topics & Opinions OpenSSL Man-In-The-Middle … Paul Venezia discusses The new OpenSSL

        in SSL
  • OpenSSL Team Warns of New MITM Vulnerability

    On Thursday, the OpenSSL team issued an advisory (CVE-2014-0224) that warned of new SSL/TLS vulnerabilities — for certain releases of OpenSSL — that may leave SSL clients and servers susceptible to man-in-the-middle (MITM) attacks.

        in Alerts, SSL, SSL Deployment
  • Bogus SSL Certificates

    Netcraft has published an article stating they have found many bogus SSL certificates. In this case, a bogus certificate is self-signed (i.e., not issued from a legitimate certification authority) and replicates an SSL certificate of a large, popular website. This type of bogus SSL certificate could be used for a man-in-the-middle (MITM) attack. In this scenario, the attacker needs to

        in Digital Certificates, SSL
Page 1 of 3123