Mozilla is taking steps to limit the risk of powerful subordinate Certificate Authority (CA) certificates falling into the hands of attackers and potentially being used to issue rogue certificates for use in SSL snooping attacks.
A mish-mash of security issues came up this week, everything from how to protect virtualized environments to a system that protects copper in utility sites from robbery and a story about digital certificate thefts.
A security researcher criticized Apple for what he called "foot dragging" over the DigiNotar certificate fiasco, and urged the company to quickly update Mac OS X to protect users.
In an attempt to provide a more streamlined remote support experience, Dell installed a self-signed root certificate and corresponding private key on its customers' computers, exposing users' encrypted communications to potential spying.
A certificate snafu grounded Microsoft's Azure cloud last weekend for more than a day, prompting one company to create a free service to help certificate administrators avoid similar mistakes.
The FAA issued a Certificate of Waiver or Authorization to survey BP pipelines, roads and equipment at Prudhoe Bay, the largest oilfield in the United States. The FAA has said in the past it would set at least three permanent Arctic areas where unmanned aircraft operations would take place.
The CEO of Comodo, a certificate-issuing company hacked in March, is even more certain now that a wave of attacks against similar firms is backed by the Iranian government.
Network news, trend analysis, product testing and the industry’s most important blogs, all collected at the most popular network watering hole on the Internet | Network World
The exemptions fall under Section 333 of the FAA Modernization and Reform Act of 2012 which lets the gives the Secretary of Transportation authority determine if an airworthiness certificate is required for an unmanned aircraft to operate safely in the national airspace system. This exemption typically allows flights anywhere in the country at or below 200 feet except in restricted airspace, close to airports, and other areas, such as major cities where the FAA prohibits drone operations.
The FAA issued a Certificate of Waiver or Authorization to survey BP pipelines, roads and equipment at Prudhoe Bay, the largest oilfield in the United States. The FAA has said in the past it would set at least three permanent Arctic areas where unmanned aircraft operations would take place.
The exemptions fall under Section 333 of the FAA Modernization and Reform Act of 2012 which lets the gives the Secretary of Transportation authority determine if an airworthiness certificate is required for an unmanned aircraft to operate safely in the national airspace system. This exemption typically allows flights anywhere in the country at or below 200 feet except in restricted airspace, close to airports, and other areas, such as major cities where the FAA prohibits drone operations.
Despite getting an experimental 'airworthiness' certificate from the FAA, there are plenty of bigger reasons Amazon's hopes to use drone to deliver purchases will never really take off.
SSL/TLS, the protocol that protects security of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats the protocol itself.
The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that.
There were 6 a.m. calls from Finnish certificate authorities and also some pretty harsh words from his peers in the security community, even an accidentally leaked Black Hat presentation, but after managing the response to one of the most highly publicized Internet flaws in recent memory, Dan Kaminsky said Wednesday that he'd do it all over again.
Cisco Talos today warned of a flaw in the X.509 certificate validation feature of Apple macOS and iOS that could let an attacker remotely execute code and steal information.
Trying to keep business professionals ahead of the rapidly changing technology environment, Cisco this week rolled out new business certificate and training packages.
Despite getting an experimental 'airworthiness' certificate from the FAA, there are plenty of bigger reasons Amazon's hopes to use drone to deliver purchases will never really take off.
Miffed certificate authorities are calling on Google to give websites more time to upgrade the security used in browser-to-server communications before displaying warnings in Chrome.