Gregory Webb • User • The Register Forums

Posts by Gregory Webb

2 publicly visible posts • joined 1 Aug 2008

VeriSign remedies massive SSL blunder (kinda, sorta)

Friday 9th January 2009 23:59 GMT Gregory Webb

This is no remedy

If the method engineered by the researchers has already been discovered and used by hackers, than any organizations currently utilizing a certificate within their chain (be it the root, an intermediate, or a leaf), could potentially be the victim of a man-in-the-middle attack. Because we have no way of knowing whether or not this is the case, organizations should consider mitigating risk by replacing certificates using the MD5 hash function.

Given this condition, more needs to be done. http://tiny.cc/ns4b8

0 0

Gmail certificate expiry snafu follows security upgrade

Friday 1st August 2008 18:45 GMT Gregory Webb

business impact of expired certs

While I doubt anyone will loose faith in Google's ability to secure our data and/or gmail, expired certs and the ensuing security pop-up alerts do impact consumer behavior. Over time users become conditioned to the alerts and simply begin to ignore them. This is certainly not a security best practice, especially as phishing scams abound.

Check out some compelling survey results on this topic at: http://www.venafi.com/Collateral_Library/VenafiEncryptionStudy2007.pdf

0 0

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

Posts by Gregory Webb

VeriSign remedies massive SSL blunder (kinda, sorta)

This is no remedy

Gmail certificate expiry snafu follows security upgrade

business impact of expired certs

About Us

Our Websites

Your Privacy