ZDNet

Let's Encrypt disables TLS-SNI-01 validation

Let's Encrypt has disabled TLS-SNI-01 validation after the discovery of an attack able to hijack certificates using the protocol. The certificate authority, which offers free SSL and TLS certificates ...
CSOonline

Wildcard Certificate Risks and the ALPACA TLS Attack

What is the ALPACA attack? The application layer protocol content confusion attack (ALPACA) was first disclosed in June and presented at Black Hat USA 2021. To understand ALPACA, it’s helpful to ...
Network World

Father of SSL says despite attacks, the security linchpin has lots of life left

SSL/TLS, the protocol that protects security of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats ...
SiliconANGLE

Security certificate lifespans to be reduced to 47 days by 2029 under new industry standard

The Certification Authority Browser Forum has voted to reduce Secure Sockets Layer/Transport Layer Security certificates to 47 days by March 2029, in a move that will radically alter existing security ...
InfoQ

Beyond the Padlock: Why Certificate Transparency is Reshaping Internet Trust

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Forbes

Digital Groundhog Day: The 47-Day TLS Certificate Mandate You Can’t Escape

Every digital transaction—checkout, login, API call—runs on a hidden foundation of millions of machine identities. Transport Layer Security (TLS) certificates, just one type of machine identity, are ...