Bogus SSL Certificates
Netcraft has published an article stating they have found many bogus SSL certificates. In this case, a bogus certificate is self-signed (i.e., not issued from a legitimate certification authority) and replicates an SSL certificate of a large, popular website. This type of bogus SSL certificate could be used for a man-in-the-middle (MITM) attack. In this [Read More...]
Why Your Network is Failing to Stop Malware
The network of your enterprise is outfitted with antivirus and firewall software to help safeguard against certain types of malware. This software stops most common strands of malware from entering your system and wreaking havoc on your network and devices. But is it enough? While this type of protection is quite useful for eliminating the [Read More...]
Firefox to Block Mixed Content
Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.
GRC has created HTTPS/SSL Fingerprints. This service allows you to check whether or not your enterprise is performing MITM on the SSL secured site that you are trying to reach. It compares the certificate fingerprint to what you would receive to the fingerprint that they receive by going direct. If they are the same, the certificate is authentic and you have no problem. If they are different, then it is likely that someone is performing MITM on your SSL connection.
TURKTRUST Unauthorized CA Certificates
Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.