As the internet evolved so did the ways in which we interact with it. Virtually every aspect of our daily lives have been mirrored on the Internet. When you login to your online banking portal you are entrusting that your bank is safely and discretely managing your personal financial information – just as you would when you sit down with a bank employee in their office. With day-to-day life becoming increasingly dependent on using the Internet, a passive ability to detect fraudulent or fake websites Read more [...]
According to reports conducted by various research and technology firms, 2015 will be continuing many of 2014's innovations and disruptive technologies. The entire technology landscape is forcasted to triple with more mobile apps and devices entering into the market. Data center traffic is expected to reach more than 600 exabytes per month. Just in case you didn’t know, 1 exabyte is equivalent to10,000 terabytes.Then there are self-driving cars, bendable displays, air-charged batteries, holographic Read more [...]
New guidelines dictating the requirements for PCI Compliance, version 3.1 of PCI Data Security Standards (PCI DSS), were released in April. These guidelines must be followed for all companies who take payments over the Internet. A key part of the new PCI DSS are stricter requirements around the use of TLS (SSL).PCI DSS v3.1 states that SSL 3.0 and TLS 1.0 “can no longer be used as a security control after June 30th, 2016.” This means that disabling these protocol versions is required Read more [...]
On April 14th, 2015, Symantec officially announced increased prices for their brands of SSL Certificates. As The SSL Store™ is a top web security partner of Symantec, we informed our Japan-based customers and partners that we also have to comply with this new regulation and adjust our pricing for SSL certificates with .JP domain names.When you purchase an SSL Certificate, our system will now require an extra surcharge when you go to create a CSR and your domain name contains a .JP or administrative, Read more [...]
The world’s most trusted online security brand Symantec has just announced that they will now secure www & non-www domain names with single SSL certificate & it will be considered the same FQDN! This is big news for us and all of our partners and customers.Finally, all Symantec SSL certificates will now consider the base domain as a free SAN or Subject Alternative Name, which simply means you can secure both versions of your website, www.name-of-site.com and name-of-site.com with single Symantec Read more [...]
If you have ever flown on a US airline, chances are you have seen an advertisement for an in-flight Wi-Fi service provided by Gogo. While Gogo is certainly appealing to most travelers in this day and age, a revelation has come to light recently about this service that you should probably be aware of.This past week, Adrienne Porter Felt, a security engineer at Google, discovered that Gogo was using a fraudulent certificate in place of Youtube.com’s real SSL certificate. The certificate was Read more [...]
On March 1st, 2015, The SSL Store™ will discontinue offering SSL certificates with validity periods of 4 and 5 years.
This is in accordance with new guidelines set forth by the Certificate Authority/Browser (CA/B) Forum, the governing body of the SSL industry. This update will affect all SSL certificates in the industry, including the entire product catalogs of Symantec, Comodo, Thawte, GeoTrust, and RapidSSL. (EV certificates are already limited to a maximum of two years so they are not affected Read more [...]
Symantec™ Corporation is a US-based internet security & technology company, founded by Gary Hendrix in 1982. It’s a global and publically traded company (NASDAQ: SYMC) dealing with many different sectors of the security industry, such as; anti-virus applications, data storage & backup solutions, SSL certificates and other website security solutions.
As per W3Techs’s (Web Technology Surveys) report, Symantec™ Corporation is the top Certificate Authority (CA) with the largest market Read more [...]
Back in October, we published an extensive article about an attack called POODLE that affected old versions of the SSL protocol (specifically, SSL 3.0). This attack had the potential to affect nearly 98% of the Internet, as many servers still supported this older version of the protocol.But now it has been revealed that POODLE is back, this time with the ability to affect even the newest version of the protocol1.
Any time we visit the topic of SSL protocol attacks, we should remember this brief Read more [...]
Are you shocked after reading the headline? Yes, it is true that ALL (SAN/UCC) SSL Certificates will not work for internal server domain names from 1st November, 2015.As per the CA/Browser Forum (CA/B), the regulatory body that governs the SSL industry, one of the new changes is the elimination of certificates for internal names. This change makes it impossible to obtain a publicly trusted certificate for any host name that cannot be externally verified as owned by the organization that is requesting Read more [...]
What is “POODLE”?
POODLE is an acronym for a newly discovered vulnerability in a specific version of the SSL protocol. POODLE requires an “active” attacker, meaning there must be another ‘bad’ computer intercepting messages between the client and server. Ultimately, the vulnerability allows the attacker to decode messages encrypted with SSL v3.0 (the specific, and only, version of the protocol affected).SSL v3.0 is an old version of the SSL protocol, a very old version - from the Read more [...]