Phishing Attacks Using SSL Spike
Phishing crews increasingly are using sites with valid SSL certificates in order to make their attacks appear more legitimate, a new report shows. In the last couple of years it has become much easier and faster for site owners to obtain SSL certificates for their sites, thanks to the emergence of free CAs such as […]
US-CERT Warns of Security Impact of SSL Interception
The Department of Homeland Security’s US-CERT group has issued an advisory warning enterprises that many security appliances that perform HTTPS inspection through a man-in-the-middle position don’t correctly verify certificate chains before forwarding traffic, weakening the security benefits of TLS in the process. The advisory comes after a recent paper by security researchers from Google, Mozilla, Cloudflare, […]
WordPress Turns on Encryption for 1 Million Sites
The movement to encrypt as much of the public Web as possible has gotten a major boost, as WordPress has turned on HTTPS connections for all of the more than one million custom domains hosted on WordPress.com. The change happened on Friday and significantly, it doesn’t require any work on the part of the site owners. […]