Blog Archives

Apple denied a certificate trust of WoSign

Apple has exacerbated the deplorable situation of the WoSign, announcing that soon will withdraw confidence to its free intermediate SSL-certificates for MacOS. Apple’s decision was made public a few days after Mozilla has accused this Chinese CA in the issuing

Posted in CA, Vulnerabilities, What is an SSL-Certificate Tagged with: , , , ,

False CONNECT vulnerability allows MitM-attack and intercept HTTPS-traffic

The problem is caused due to errors in the implementation of proxy authentication procedures used in the software of different manufacturers. Researcher Jerry Decime revealed details of the vulnerability allow an attacker to carry out attacks “man in the middle”

Posted in Vulnerabilities Tagged with: , ,

Error of SSL connections – what to do and how to fix it?

First, let’s understand what it is. SSL – a cryptographic protocol which makes connection more secure. Sites that use the protocol started by https: //. You absolutely can stop worry about information leakage, if the certificate has been made in

Posted in Browser Errors, Vulnerabilities Tagged with: , , , ,

Note: encrypted traffic can be a threat!

Without any sane strategy to manage encrypted traffic, you can be vulnerable to attacks and leakage of critical data. The use of SSL and TLS is growing rapidly. This is good because it allows you to protect the privacy of

Posted in Vulnerabilities Tagged with: , , , , , ,

Chinese CA issued SSL-certificate for Github domain to simple user

An applicant may receive a free SSL-certificate for the base domain, if he can confirm the control of a subdomain. Chinese certification authority (CA) WoSign, specializing in the issue of free SSL-certificates, mistakenly issued certificates for basic domains Github and

Posted in Validation, Vulnerabilities Tagged with: , , , ,

Fraudsters use StartEncrypt to obtain SSL-certificates

If the title makes someone a slight feeling of déjà vu, it is not surprising. In March 2016 the Israeli company StartCom, which owns StartSSL service and project StartEncrypt for issuance of free SSL-certificates to everyone, has suffered from a

Posted in Vulnerabilities Tagged with: , , , ,

How and When Apply SSL-certificates?

The decision on the use of SSL certificates is based on the importance of ensuring the confidential transmission of data on the Internet. For example, when carrying out financial transactions through your web-site, application of SSL certificate is self-evident. If

Posted in CA, Vulnerabilities Tagged with: , , , , ,

EV certificate to protect against phishing

Internet fraud has become more coordinated and sophisticated, eroding consumer confidence, which is so necessary in the Internet business. Phishing – this is just one of many tactics that scammers use to get personal, confidential information of users. Due to

Posted in CA, Validation, Vulnerabilities Tagged with: , , , , , , ,

One-way authentication – protection from phishing

Using the protocol SSL (Secure Sockets Layer) provides secure communication between Web-server and users. Despite the fact that the protocol allows authentication not only the server and the user, in practice, only one-way authentication is used most often. To establish

Posted in CA, Vulnerabilities Tagged with: , , , , ,

Malware exploit SHA-2 certificates

Rejection of the SHA-1 certificates had an impact not only on the owners of sites and software vendors, but also to malware creators. In a recent report, Symantec revealed information that company discovered a whole family of malicious programs that

Posted in Validation, Vulnerabilities Tagged with: , , , , , , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.