PKI Consortium blog
Posts by tag Malware
Securing Software Distribution with Digital Code Signing
October 16, 2013 by
Bruce Morton
(Entrust),
Jeremy Rowley
CASC
Code Signing
Malware
SSL/TLS
Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world. As the commonly referred to “Internet of things” continues to grow, consumers have access to millions of applications for their desktops, laptops, and mobile devices. Creative software engineers provide us with applications to cover any of our potential needs or interests. Cybercriminals and others with malicious intent recognize this as an opportunity and seek to trick us into installing malicious software (malware) — programs that hijack our computers, steal our money, or try to inflict harm.
Encryption Still Works – It’s About How You Implement It
September 13, 2013 by
Ben Wilson
ECC
Encryption
Malware
RSA
SHA1
SHA2
SSL/TLS
TLS 1.1
Vulnerability
The September 5th joint article by the New York Times and Guardian newspapers on NSA’s and GCHQ’s efforts to circumvent encryption implementation have left many people speculating on the security of the data they are transmitting over the Internet. Hopefully, this blog post will provide some guidance and help understand SSL in light of these recent articles. Importantly, the articles point out that the primary means of attacking SSL/TLS do not exploit a vulnerability in the protocol itself but instead aim to exploit poor implementations of the protocol, insecure servers, and weak cryptography.
Firefox 23 Blocks Mixed Content
August 13, 2013 by
Wayne Thayer
Chrome
Encryption
EV
Firefox
Google
Malware
Mixed Content
Mozilla
SSL/TLS
The latest version of the Firefox Web browser from Mozilla was released on August 6th with a great new security feature called a “mixed content blocker”. In a nutshell, this feature ensures that all of the parts of a secure Website are indeed encrypted via SSL certificates. All of the data on the website is prevented from being intercepted, and it becomes more difficult to add malware into the site’s content.
5 Tips for SMBs to Help Secure Their Online Presence
June 17, 2013 by
CA Security Council
CASC
Identity
Malware
SSL/TLS
Vulnerability
With National SMB Week upon us, the CASC has come up with its five tips for SMBs to help secure their online presence. By implementing these simple steps SMBs can build trust and loyalty by ensuring their website is safe to visit, search, enter personal information, or complete a transaction.
Create unbreakable passwords – Strong passwords are essential on any account related to your online presence (domain registrar, hosting account, SSL provider, social media, PayPal, etc.
The Importance of Revocation Checking Part 2: A Real World Example
March 11, 2013 by
Wayne Thayer
Attack
Code Signing
CRL
Encryption
Identity
Malware
OCSP
Revocation
SSL/TLS
Just last week, a new security incident related to certificate revocation checking made headlines. It was discovered that a legitimate website was hosting a malicious Java application that installed malware on the computers of people who visited the site. This comes after recent updates that introduced Security Level settings in Java, and then raised the default from Medium to High. At the high level, users are shown a warning before any unsigned Java code is executed.
The Importance of Checking for Certificate Revocation
March 9, 2013 by
Rick Andrews
Attack
CRL
Identity
Malware
MITM
OCSP
Revocation
SSL/TLS
Certificates are typically valid for one to three years, and during that time it’s possible that the web site owner or the CA realizes that end users should not trust the certificate. There are several cases in which this might happen, including these:
The web site owner ceases doing business, no longer owns the domain name used in the certificate, has changed their organization name, or wishes to shut down the web server.