Maintaining the security of your website requires careful, ongoing attention. Check out the most recent news in the SSL Certificates industry to ensure secure browsing for your clients:
- Version 3.2 of PCI DSS will be released this spring, although it was originally scheduled for the fall. The PCI Security Standards Council changed the release date in order to address the revised SSL/TLS migration terms.
- A vulnerability in Squid, a Unix-based caching proxy, made it possible for remote attackers to perform a denial-of-service attack during the connection to a TLS or SSL server. It seems that this vulnerability allowed any trusted client to carry out a DoS attack, regardless of its SSL or TLS proxy configuration, if Squid had the “with OpenSSL” option.
- According to the findings of the US Consumer Privacy Index, Americans worry more about online safety than about income loss. More than 68% of respondents (a 45% increase since 2015) consider losing online privacy more alarming than losing their main income source (57%).
- Mozilla Firefox browsers began rejecting websites with SHA-1 certificates at the beginning of this year. Mozilla later revised its decision and updated its antiviruses and security scanners to perform HTTPS connections to websites with such certificates. On the other hand, Google allowed its security services to trust only SHA-1 certificates issued by public Certificate Authorities.
- Cisco announced a vulnerability in its Jabber chat client. The vulnerability would make it possible to launch a man-in-the-middle attack by first performing a TLS downgrade. This announcement closed out a year of many attacks against SSL/TLS.
- Google announced that in 2016 Chrome will block new SHA-1 certificates. Furthermore, starting in 2017 it will reject all SHA-1 certificates entirely. These measures were taken to protect users from individual TLS vulnerabilities.
- OpenSSL released 4 patches for security vulnerabilities ranging from moderate to low severity. The patches didn’t refer to any bugs that would affect SSL Certificates; they addressed the mandatory OpenSSL version updates.
Summing it all up
The SSL Certificates industry remains a dynamic and flexible field where constant security updates systematically eliminate security flaws in data encryption.