Chrome Requires CT after April 2018

The Internet ecosystem has been working towards Chrome’s requirement for certificate transparency (CT) for all SSL/TLS certificates in April 2018. CT logs have been created. CT monitoring tools have been developed. Certification authorities (CAs) have integrated processes to allow certificates to be CT logged. The question has been, what is the exact date we are working towards? The CA Common Database announced to CA operators, “Chrome will require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy.” This means SSL/TLS certificates must be CT qualified by meeting one of the following criteria: A signed certificate timestamp (SCT) from a log qualified at the time of check is presented via the TLS extension OR is embedded within a stapled OCSP response, where there is at least one SCT from a Google Log, qualified at the time of check and at least one SCT from a non-Google Log, qualified at time of check. An embedded SCT from a log qualified at the time of check is presented, where there is at least one embedded SCT from a Google Log, at least one Embedded SCT from a non-Google Log and...
Read more

The Next Generation of ID card Printing: Image Integrity

The Next Generation of ID card Printing: Image Integrity Entrust Datacard has applied Pigment Ink Technology — which has a proven track record in the financial card market — to the desktop retransfer printer. To date, the industry standard has been dye sublimation ink technology in both direct-to-card and retransfer printing. In this blog series, we’re exploring how the application of pigment ink technology combats the top three most common and costly challenges facing ID card programs. In Part One, we discussed how environmental exposure can impact an ID badge when someone wears it in a visible way during work. In this post, we’ll focused on image integrity. Part Two: Image Integrity Organizations not using the latest printing technology often struggle to maintain the integrity of the original image when it’s printed on a card. For example, when an organization has a logo (such as company name, branding, etc.) or face that they want to print, they often have difficulty matching what they see on their monitor to what is printed on the card. Matching skin tones is also a challenge. Some organizations create custom profiles for their printers as a workaround. However, the downside is that once one color...
Read more

SSL Review: January 2018

Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. CA Security Council … 2018 – Looking Back, Moving ForwardTLS 1.3 … TLS 1.3 Update: Everything you possibly needed to know What is SSL/TLS? (And why it’s time to upgrade to TLS 1.3) Bulletproof TLS Newsletter … Bulletproof TLS Newsletter #37 - Cloud provider vulnerability causes Let's Encrypt to disable SNI domain validation Other News & Notes gTLDs .bank and .insurance to support HSTS preload list SSL-Enabled Site Sending Malware Disguised as Meltdown/Spectre Fix Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains Firefox locks down its future with HTTPS ‘secure contexts’ We need more phishing sites on HTTPS! HTTPS deployment tips Reminder: 3 Year Option for SSL Certificates ends March 1, 2018 Mozilla - January 2018 CA Communication The hidden “well-known” phishing sites What...
Read more

Use SSL to Avoid Browser Warnings That Threaten Website Traffic

First impressions are lasting ones. That’s why you want to make sure that there’s nothing standing between your visitors and a seamless entry to your website. Browsers and domain owners have a pretty good working relationship -- browsers inherently want to keep website users safe and website owners want to keep their customers secure to avoid getting a reputation for security breaches, which would drive visitors to a competitor with better security. One way browsers protect Internet users is to indicate whether or not a website uses encryption technology to secure customer data – like user names and passwords, credit card information and, for Google, any information that would be put into a form and sent to a company’s server. That’s why browsers, especially Google, throw up bold warnings indicating to users when a website is not secured by HTTPS. Websites use SSL to avoid greeting visitors with warnings like these. Have you ever noticed the padlock in your web browser’s address bar? SSL/TLS is the technology that creates a locked padlock indicating that any data transmitted on that website will be encrypted. Let’s look at how to use SSL to avoid browser warnings: “S” is for Secure SSL/TLS certificates put the...
Read more

The Next Generation of ID Card Printing

Entrust Datacard has applied Pigment Ink Technology — which has a proven track record in the financial card market — to the desk top printer. Retransfer printing with pigment ink technology now delivers the best printing solution in the world. The retransfer printing process enables true over-the-edge printing, even on uneven surfaces such as smart cards. When coupled with 600 DPI color pigment ink technology, the retransfer printer produces higher quality images with true color. The images on the card matches the image on the computer screen, text is legible down to 1.5 point font (including Chinese characters and fine line requirements), and UV fade-resistant cards will not diminish over the life of the card. To date, the industry standard has been dye sublimation ink technology in both direct-to-card and retransfer printing. However, this process can show wear and tear over time.  In this blog series, we’ll explore the application of pigment ink technology — an exciting new innovation for ID card printing that can combat the top three most common and costly challenges facing ID card programs. Part One: Environmental Exposure Exposure to environmental factors, such as UV light, can impact an ID badge when someone wears it in a...
Read more

SSL Review: December 2017

Entrust Datacard’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry. Entrust Datacard … ROBOT Attack on RSA EncryptionROBOT Attack … The ROBOT Attack CAA … CAA of the Wild: Supporting a New Standard Tracking CAA usage TLS 1.3 … Security Changes in Chrome 63: TLS 1.3, Site Isolation Security & More TLS 1.3 is going to save us all, and other reasons why IoT is still insecure Why TLS 1.3 isn't in browsers yet Bulletproof TLS Newsletter … Bulletproof TLS Newsletter #35 - Return of Bleichenbacher's Oracle Attack (ROBOT) Bulletproof TLS Newsletter #36 - Private keys in software from Blizzard, Electronic Arts, Microsoft, and the German Federal Bar Other News & Notes How Cert Spotter Parses 255 Million Certificates Baptists & Bootleggers: Consensus on Eliminating the Secure DV SSL Indicator Phishing embraces HTTPS, hoping you’ll “check for the padlock” I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important Make SSL boring again ...
Read more

Are you creating a Five Star Student Experience for Generation Z?

Every generation embraces unique values, motivations and expectations. Generation Z has been attracting attention in marketing circles because of the unique characteristics that make them different than their predecessors —Millennials — requiring colleges and universities to dramatically redefine their approach to creating positive user experiences for this group on university campuses.  If you hadn’t heard, Gen Z (or iGen) consists of those born from 1995 through 2012. This is the first generational group that has never lived without the internet; they are digital natives. Unlike previous generations, they clearly understand how technology works and how to filter out what is not relevant to them. Gen Z students are known as the mobile generation with short attention spans, and can multi-task on an average of 5+ screens. They communicate in pictures and are constantly creating their own “brand” through YouTube, Snapchat, Instagram and other social media. They also have grown up in a ratings world where a five star experience is an expectation versus an aspiration. How does this translate to a University ID Card Program? The student experience encompasses all of the touchpoints that a student has with the university. The issuance of the campus ID card at orientation, one...
Read more

The Simple CA Evacuation Plan You Need

With the uncertainty around DigiCert’s acquisition of Symantec’s PKI, you might be asking yourself: Does DigiCert have the ability to support my enterprise environment? Will I receive the same level of support? What actions do I need to take? Maybe you are being told the migration will be easy. The plan you need if you are going to evacuate your core security infrastructure should recognize the complexities of the systems, people and things your Public Key Infrastructure is responsible for securing, but should also provide the simplest pathway to achieving an evolved form of security that is better than what you previously had. The major difference in this approach is that it recognizes that this migration from the Symantec CA to Digicert was a decision that was made out of your control, forcing you to move your PKI solution to a new vendor. Entrust Datacard is a PKI pioneer with more than 20 years of innovation in public and private trust for the largest enterprises. Our unified approach that connects a broad portfolio of private and public trust solutions enables businesses to leverage secure identity to minimize risk and maximize digital business opportunities. Below is an example...
Read more

2018: Looking Back, Moving Forward in SSL

Looking Back at 2017 2017 saw the end of SHA-1 in public trust SSL/TLS certificates and the start of Certification Authority Authorization (CAA) allowing domain owners to authorize their CA. A “Not secure” browser indication was propagated to push more websites to support HTTPS. There was also a change in the certification authority (CA) ownership with DigiCert acquiring Symantec’s SSL and related PKI business and Francisco Partners buying Comodo’s CA. Vulnerabilities Google and CWI announced SHAttered, an attack on the SHA-1 cryptographic hash function. The attack was demonstrated by allowing the cryptographic signature on a good PDF to be the same as on a bad PDF. In other words, they forged the signature. Fortunately, this attack should not impact SSL/TLS as CAs have not issued SHA-1 certificates since 2015 and browsers stopped supporting SHA-1 in 2017. Return of Coppersmith’s Attack (ROCA) is a vulnerability in the generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips. ROCA was found in a cryptographic library used in a wide range of cryptographic chips produced by Infineon Technologies AG. The vulnerability was disclosed to Infineon in the first week of February with an agreement to an 8...
Read more

Gartner and Entrust Datacard explain why Trust is critical to your business

In our youth, many of us played the “trust-fall” game. Your friend promises that if you close your eyes, cross your arms and fall back – they’ll catch you. And more often than not, your trusted partner ends up catching you, gaining your trust, removing your fear and giving you confidence for your next encounter with the “Trust-fall” game. Unfortunately, when it comes to building trust within your organization and with your users, it’s not that easy of an encounter. If you want to secure your business without hindering the user experience, you are faced with multiple challenges. Whether it’s managing multiple users, eliminating calls to the help-desk, removing friction and frustration or simply not having enough resources to get it all done – TRUST needs to be at the foundation of your strategy. Trust allows you to be bold in providing innovative new products and services to attract and retain customers. Trust lets you adopt new technology to streamline your operational efforts. Trust enabled by modern identity creates a transparent and frictionless authentication experience. Trust enables your digital business. Gartner’s research director, David Mahdi, and Entrust Datacard’s VP of authentication solutions, Ryan Zlockie, discuss how to build trust into...
Read more
Page 1 of 612345...Last »