Let’s Encrypt
Russia Force-Feeds new, ‘Trusted’ CA—Yeah, RIGHT
Websites in Russia can’t renew their TLS/HTTPS certs. Moscow’s solution is to create a new certificate authority. But the man-in-the-middle threat should be obvious ...
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others
A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify ...
Reverse Proxy and TLS Termination
PolarProxy is primarily a TLS forward proxy, but it can also be used as a TLS termination proxy or reverse TLS proxy to intercept and decrypt incoming TLS traffic, such as HTTPS ...
IoT Device Attacks, FCC Fines Mobile Carriers, Let’s Encrypt Certificate Bug
In episode 111 for March 9th 2020: A new report shows that attacks on Internet of Things devices are on the rise, the FCC fines major mobile carriers for selling users’ location ...
Let’s Encrypt Says It Will Revoke 3M Certificates Due to Software Bug
Non-profit certificate authority (CA) Let’s Encrypt announced it will revoke more than three million digital certificates due to a software bug. On March 3, Let’s Encrypt revealed its plan to revoke 3,048,289 ...
Chrome to mark HTTP as ‘not secure’
Google Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign. And starting in July, Chrome will mark all HTTP sites as "not secure.” Google hopes this move will ...
Free HTTPS Wildcard Certificates Are Now Available
Not-for-profit certificate authority Let’s Encrypt has started issuing wildcard HTTPS certificates for free, allowing organizations with a large number of web assets to significantly simplify their certificate management. Let’s Encrypt has been ...
