Hosting News »

11 December, 2018 – 4:32 am |

Perhaps following the example of data center of Google chillerless Belgium (www.microsoft.com) new technology giant Microsoft’s mega data center in Dublin is based almost entirely on free cooling. First announced in June, the Microsoft data generation 3 mega center officially opened in July. The data center is designed to support “the company’s software plus services” […]

Read the full story »
Business News
energy
Aparatos
Environment
Science
Home » Tech News

VeriSign and Mozilla Respond to SSL Security Loophole

Submitted by on 11 June, 2018 – 4:32 am

Presented last week by security mavens Dan Kaminsky of IOActive and independent analyst Moxie Marlinspike, the null characters threat lets an assailant use the null characters inserted in some SSL certificates to deceive just about all conventional browsers into believing it is another site. According to VeriSign’s statement, none of VeriSign’s SSL Certificates are issued with null characters in the common name, so VeriSign certificates can’t be employed in this kind of attack.

“It’s natural to be troubled when security professionals uncover weaknesss that may open an organization and its consumers to attack, but site operators can rest warranted that SSL Certificates from VeriSign can’t be used as a part of the SSL threats made public this week,” VeriSign product selling vice chairman Tim Callan asserted in an announcement. VeriSign’s defensive capacity applies both to customer-facing and non-customer-facing-systems,eg auto-updating desktop applications.

Pros also think certificates using Message Digest Algorithm two could be subject to pre-image attacks, rendering this hash function disloyal. Since May 2009 VeriSign has issued SSL Certificates using SHA- 1, designed by the nation’s Security Agency, assuring existing VeriSign consumer they aren’t exposed to this attack and their certificates do not have to get replaced. An official blog post reads, “We strongly recommend that all Firefox users upgrade to this latest release.” Those with Firefox 3.5 or Firefox three installed will receive an automatic update notification.

Tags: , , , , , , , ,

Leave a comment!

Add your comment below, or trackback from your own site. You can also Comments Feed via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> 

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.