Certificate Revocation

What Is an EV Multi-Domain SSL Certificate Revocation Information and Reporting Policy?

bwhitlock, Tue, 08/14/2018 - 10:08

To illustrate, SSL certificate provider Entrust says it must revoke extended validation (EV) Multi-Domain SSL Certificates under several conditions that do not require initiation from the Subscriber. These include the following: It learns ...
Election Infrastructure

Venafi Study: Election Infrastructure Is at Risk

bwhitlock, Mon, 08/13/2018 - 10:31

Security professionals have been discussing cyber attacks targeting election infrastructure well before July’s grand jury indictment. However, these concerns have come into sharp focus right now because there are many high-profile elections taking place this year. Venafi recently ...
Wild Card Certificates

Conversations with the Inventor of Wild Card Certificates—Part 3: The Risk of Exploit

bwhitlock, Thu, 08/09/2018 - 08:04

Here’s the final portion of my interview with George: What will change now that Let’s Encrypt is offering free wildcard certificates? With free wildcard certificates, the natural filtering or controlled use of ...
Certificate Properties

6 Things You Probably Don’t Know about Your Certificates [And Why They Matter]

bwhitlock, Wed, 08/08/2018 - 08:50

To gain the intelligence you need to enforce policies and detect machine identity anomalies and vulnerabilities, you need to be able to discover and collect information on the critical attributes of each ...

Strategies for Improving the Benefits of Certificate Revocation

bwhitlock, Tue, 08/07/2018 - 09:29

In my last two posts I examined the reasons why certificate revocation is important to enterprise security and some limitations of using OCSP to check for revoked certificates. Now I’m going to suggest a strategy that you ...
Security Accountability

Security Accountability: Who in the C-Suite Should Care?

bwhitlock, Mon, 08/06/2018 - 10:09

Unfortunately, there are too many CEOs and CFOs who have never given security, and to be more precise, information security, or infosec for short, a second thought. According to a cybersecurity survey by BAE Systems, “More than ...
Green Padlock

How Long Can We Trust the Green Padlock?

bwhitlock, Thu, 08/02/2018 - 08:33

It should be noted that this threat is not isolated to future data when Quantum Computing becomes a reality. Today's encrypted communications and data remain potentially vulnerable to hackers of the future through a scheme called harvest ...
Simplify Machine Identity Protection

Venafi and Gemalto Partner to Simplify Machine Identity Protection

bwhitlock, Wed, 08/01/2018 - 07:23

Scaling the use of HTTPS demands trade-offs between security and efficiency. For example, enabling Encryption Everywhere strategies requires organizations to deploy more Secure Sockets Layer/Transport Layer Security (SSL/TLS) keys and certificates. The integrated solution of the ...
Not Secure Tag in Chrome 68

Why the “Not Secure” Tag in Chrome 68 Makes Sense

bwhitlock, Mon, 07/30/2018 - 15:49

For the longest time, the only common element in the way different browsers communicated security indicators to users was the beloved “padlock” – indicating only that the connection between browser and web server was encrypted ...

Why We Need Certificate Revocation

bwhitlock, Tue, 07/24/2018 - 08:55

Certificates are often installed onto devices by Mobile Device Management (MDM) software or embedded into smartcards for users to carry in their wallet. Smartcards, despite their small size, are credit-card-sized computers which contain just enough computing ...