certificate authority

Google Busts Symantec-Issued Certificates and Its a Big Mess

In-brief: Google’s rebuke of Symantec over its sloppy and problem-plagued certificate authority business risks upsetting some of the Internet’s biggest brands. 

9 Quintillion Tries Later: Researchers Crack SHA-1

In-brief: Researchers at Google and CWI Amsterdam say they produced the first “collision” of hashes produced with the SHA-1 algorithm, hastening the end of life for the 22-year-old encryption technology.

Can Blockchain Save The Internet of Things?

In-brief: In this Security Ledger podcast, we speak with the guys from Chain of Things, a new consortium that is investigating applications of Block Chain and related technologies to solving identity and security problems for IoT deployments. 

Updated: Google warns of unauthorized TLS certificates trusted by almost all OSes | Ars Technica

In-brief: Google warned its users that unauthorized digital certificates have been issued for several of its domains. The certificates are linked to an intermediary certificate authority for CNNIC, which administers China’s domain name registry. Updated with comment from Kevin Bocek of Venafi. Paul 3/27/2015 

EFF: SSL Records Show Superfish Attacks in the Wild

  In-brief: The Electronic Frontier Foundation warned that it has evidence of man-in-the-middle attacks that take advantage of the same encryption-busting technology that Lenovo and Superfish implanted on consumer laptops.