Google announced earlier today plans to drop the "Secure" indicator from the Chrome URL address bar and only show a lock icon when the user is navigating to an HTTPS-secured website.
Starting last week, on May 8, Google has opened the .app top-level domain (TLD) to the general public, allowing anyone to register their desired .app domain name. As its name implies, the domain is intended for app developers, but anyone can register a domain, may it be for an app or not.
Starting today, the Google Chrome browser will show a full-page warning whenever users are accessing an HTTPS website that's using an SSL certificate that has not been logged in a public Certificate Transparency (CT) log.
Mozilla Foundation engineers announced plans over the weekend to test the "DNS over HTTPS" (DoH) fledgling security standard in Firefox Nightly distributions.
Trustico, a reseller of SSL certificates, has admitted to storing the private keys of some of the SSL certificates it issued to its customers over the past years.
Over 23,000 users will have their SSL certificates revoked by tomorrow morning, March 1, in an incident between two companies —Trustico and DigiCert— that is likely to have a huge impact on the CA (Certificate Authority) industry as a whole in the coming months.
There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such certificates are too high, and only a few hackers can afford one.
Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected.
Google announced earlier today plans to mark all HTTP sites as "Not Secure" in Chrome, starting with July 2018, when the company plans to release Google Chrome 68.
In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context").
Yesterday, Cisco rolled out Encrypted Traffic Analytics (ETA), a breakthrough technology that identifies malware in encrypted traffic without the need of intercepting and decrypting data streams.
The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default.
Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.
New research published yesterday reveals that putting your trust in Extended Validation ("EV") SSL certificates will not safeguard you from phishing sites and online fraud.
Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by 2020.
Comodo, the Internets' leading Certificate Authority (CA), has sold a majority stake in its SSL issuance business for an undisclosed amount to Francisco Partners, a San Francisco-based venture capital firm.
Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys."
Late yesterday afternoon, Google announced plans to deprecate and eventually remove PKP support from the Chromium open-source browser, which indirectly means from Chrome.
After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys)