Microsoft removes TLS 1.0/1.1 from Windows, with possible negative effects
Microsoft is soon going to remove some old versions of the security protocol TLS from Windows. Upcoming versions of the operating system will then no longer have TLS 1.0 and TLS 1.1 by default. This could affect the operation of (business) applications.
According to the tech giant, removing the ... Read more
Fastly learns from incidents with insecure websites and launches Certainly
Fastly is releasing a TLS Certficiation Authority service. The public availability of the service comes simultaneously with the completion of the acquisition of Domainr.
Certainly is a Transport Layer Security (TLS) Certification Authority service. That is supposed to better secure internet user... Read more
Google now protects TLS encryption in Chrome from quantum computers
Google recently released a hybrid key encapsulation mechanism (KEM). This should protect the sharing of symmetric encryption secrets while establishing secure TLS network connections. It should primarily be a defense mechanism against possible analysis from quantum computing environments. Google Ch... Read more
‘Encrypted cyberattacks increase by 20 percent’
Cybercriminals increasingly encrypt attack traffic. A research report from Zscaler suggests that more than 85 percent of all cyberattacks were partially or fully encrypted from October 2021 through September 2022, up 20 percent year-over-year.
Encrypted attack traffic slows detection and analy... Read more
Hackers use new attack method to compromise HTTPS protocol
The ALPACA attack profile uses domain confusion to fool secure web servers.
Researchers in Germany have identified a new type of "man in the middle" attack vector that uses cross-protocol server communications to infiltrate and compromise supposedly secure HTTPS servers.
In most cases, especi... Read more
New Sophos XGS firewalls protect against TLS attacks
Sophos has announced its new firewall appliances in the XGS series. The firewalls should excel in the area of TLS inspection, with native support for TLS 1.3.
TLS inspection on the XGS firewalls should be up to five times faster than on other models currently available, claims Sophos. The firewa... Read more
OpenSSL patches high-severity take-down vulnerability
The most widely used software library for encrypting website and email encryption, OpenSSL, has patched several high-severity flaws that make it easy for hackers to completely shut down a lot of servers at the same time.
OpenSSL offers users tested cryptographic functions that implement Transpor... Read more
Let’s Encrypt temporarily solves problems on older Android phones
Let's Encrypt has found a solution to the problem that older Android smartphones will soon no longer trust some websites due to an expired certificate. No action from end users is required.
To solve the problematic TLS certificates, Let's Encrypt and IdenTrust agreed that the latter company woul... Read more
Many websites will soon stop working on older Android phones
Android phones with Android 7.1.1 or older will soon be unable to reach many websites. This applies to websites with a TLS certificate from Let's Encrypt. A workaround is available.
For years, Let's Encrypt has been distributing free TLS certificates to websites that want to secure their connect... Read more
“Many CMS plug-ins disable TLS certificate validation.
A large number of CMS plug-ins and PHP libraries deliberately disable the validation of SSL/TLS certificates, reports ZDNet. This would put millions of Internet users at risk. In addition, many of the plugins and libraries are used to establish connections to payment service providers that later sen... Read more