Entrust's monthly SSL review covers SSL discussions "” recaps news, trends and opinions from the industry.
Entrust and CA Security Council
Entrust Identity ON discussed:
CA Security Council discussed:
Hot Topics & Opinions
POODLE —
- PayPal plans to disable SSL 3.0 in December
- Microsoft Azure — Protecting against the SSL 3.0 vulnerability
- Google has launched Chrome 39 — Goodbye SSL 3.0, Hello SHA-1 warnings
TLS Stack Attacks —
- Update Windows to avoid WinShock
- Every major TLS stack: OpenSSL, GNUTLS, NSS, MS SChannel, and Apple SecureTransport has had a severe vulnerability this year (2014)
News & Notes
- Google introduces nogotofail for testing devices and applications against known SSL/TLS vulnerabilities and misconfigurations
- Internet Explorer may support Public-Key Pinning
- Kim Zetter's book Countdown to Zero Day discusses how Duqu targeted a CA
- EFF reports ISPs Removing Their Customers' Email Encryption
- Naked Security bids farewell to HTTP
- ENISA 2014 report on algorithms, key size and parameters