kdobieski

Rss blog

What is the Automated Certificate Management Environment (ACME) Protocol? kdobieski Fri, 08/12/2022 - 17:00 4104 views How does it work? ACME is used primarily to obtain Domain Validated (DV) certificates. DV certificates do not specifically identify or validate the organization using the certificate, but rather validate a request against a ... Read More

Why It’s Dangerous to Use Outdated TLS Security Protocols Scott Carter Mon, 10/17/2022 - 17:00 34020 views Deprecation of TLS 1.0 and TLS 1.1 Internet Engineering Task Force (IETF) has released a document where they explicitly state that TLS 1.0 and TLS 1.1 must not be used and they plan ... Read More

What Is the Hashing Function and Can It Become Vulnerable? Scott Carter Thu, 11/03/2022 - 17:00 8212 views Hash Function Vulnerabilities We have stated before that although hash functions are considered to be secure, the SHA-1 algorithm was deprecated by NIST in 2011 due to known weaknesses. Indeed, the security of ... Read More

Homomorphic Encryption: What Is It and How Is It Used Scott Carter Fri, 07/15/2022 - 16:00 27094 views What is Homomorphic Encryption? The purpose of homomorphic encryption is to allow computation on encrypted data. Thus data can remain confidential while it is processed, enabling useful tasks to be accomplished with ... Read More

Visibility, Intelligence, Automation: Three Reasons to Expand Machine Identity Protection kdobieski Mon, 03/18/2019 - 12:24 Connected Device Roles and Capabilities Machines today: Are increasingly connected to each other Have the ability to collect vast amounts of data Share information with other machines, and Make autonomous decisions based on the situation ... Read More

Still Using SHA-1 for Internal Certificates? It’s Almost Too Late to Update kdobieski Mon, 03/18/2019 - 07:54 “Due to weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively [after July 19],” reads the notice. “Any ... Read More

Serial Entropy Issues Invalidate 22,000 TLS Certificates on Dutch Government PKI kdobieski Thu, 03/14/2019 - 12:34 The report states that these faulty certificates will all need to revoked and reissued. “The intention is to revoke all affected certificates within 30 days.” The longer length of this timeframe (CA/B Forum mandates ... Read More

Tracking CAA Usage kdobieski Wed, 03/13/2019 - 08:53 Tracking usage in the wild Many of you will already know that I crawl and analyse the Alexa Top 1 Million Sites every single day and publish the data. On top of that, every 6 months, I also publish a report on ... Read More

Win-win Policies that Simplify Your Machine Identity Protection kdobieski Tue, 03/12/2019 - 09:49 As I’ve written before, there’s an easy way to avoid these types of problems. When you craft policies that support business goals and objectives as opposed to hindering people, you actually make it easier for everyone to ... Read More

Oh, How I Love My Hashi (Vault) kdobieski Mon, 03/11/2019 - 10:07 But savvy DevOps teams still run into challenges with getting external-facing certificates that can be trusted by every browser when the code moves into production. To explain this conundrum, let’s dive into the difference between internal and external ... Read More