SSL - News, Features, and Slideshows

News

• 5 things you need to know about SSL

  Here's a quick and dirty guide to SSL/TLS, one of the most important technologies for securing data on the Internet.

• New SSL server rules go into effect Nov. 1

  Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.

• What Google, Facebook and Twitter are doing right with website security

  The popular services of Google, Facebook and Twitter are improving in terms of security, says Scott Behrens, head of Neohapsis Labs, which took a security snapshot of them on May 28 through an analysis that included looking at server headers sent during responses to the websites.

• Certificate Authorities Form Group to Educate on SSL Best Practices

  Responding to the increasing number of threats aimed at certificate authorities and the ecosystem of trusted online transactions they represent, seven certificate authorities have come together to form an advocacy group to advance security standards and promote best practices.

• What's lurking in your network? Find out by decrypting SSL

  Organizations have spent vast sums of money on security systems and, when deployed and operated correctly, they play a key role in safeguarding the organization. However, most systems have one critical dependency: The traffic flowing through must be readable. If the traffic is encrypted, many systems are almost completely useless, giving the system owner a false sense of security.

• Father of SSL, Dr. Taher Elgamal, finds fast-moving IT projects in the Middle East

  Often called the "father of SSL" due to his role as a cryptographer at Netscape Communications where in the mid-'90s he helped bring SSL encryption to the Web, Dr. Taher Elgamal now travels the Middle East as an IT consultant and project coordinator for business and government there.

• SSL certificate authorities vs. ???

  With all the publicity about breaches of <a href="http://www.networkworld.com/news/2011/081811-ssl-249874.html">SSL certificate authorities</a> and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to.

• Father of SSL says despite attacks, the security linchpin has lots of life left

  SSL/TLS, the protocol that protects <a href="http://www.networkworld.com/topics/security.html">security</a> of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats the protocol itself.

• With SSL, who can you really trust?

  SSL, the encryption scheme that protects virtually all secure online transaction, requires that users rely on trusted third parties, but what if they can't be trusted?

• Low-cost SSL proxy could bring cheaper, faster security; defeat threats like Firesheep

  Researchers have found a cheaper, faster way to process SSL/TLS with off-the-shelf hardware, a development that could let more Web sites shut down cyber threats posed by the likes of the Firesheep hijacking tool.

• Google offers encrypted Web search option

  People who want to shield their use of Google's Web search engine from network snoops now have the option of encrypting the session with SSL protection.

• Benefits of Google Encrypted Search

  Google launched a <a href="http://www.pcworld.com/article/196932/encrypted_search_comes_to_google.html">new beta service this week</a>--encrypted search using SSL (secure sockets layer) to protect searches from being snooped or intercepted while traversing the Internet. <a href="http://www.pcworld.com/businesscenter/article/196908/google_offers_encrypted_web_search_option.html?tk=rel_news">Encrypted Google search</a> is still not entirely private, but it has benefits for individuals and businesses to <a href="http://www.pcworld.com/businesscenter/article/195659/users_are_their_own_worst_enemy_for_online_privacy.html">ensure sensitive information is not exposed</a> to prying eyes.

• VeriSign rolls out new Web site verification service

  VeriSign is introducing a certification service that confirms whether a business is legitimate and that their Web site is free of malware.

• UBS to deploy IBM secure banking USB device

  Banking giant UBS has started deploying a device from IBM that ensures online banking transactions aren't being interfered with by hackers.

• Botnet targets major Web sites with junk SSL connection

  More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet, according to security researchers.