Website Security Solutions | Latest Guides | Blog

Let's Encrypt becoming untrusted in 2021 for some

| #Articles

Let’s Encrypt is a fairly popular service offering free SSL/TLS certificates to those who are uninterested in the value-add of traditional certificate resellers. Historically, this CA has partnered with IdenTrust to provide this service as it has existed in the root stores of client machines for many years. Let’s Encrypt’s strategy was dualfold: their certificates were signed by their own CA while… [read more →]

A Quick Guide to Understanding Ransomware

| #Articles

One of the biggest threats to any organisation today is a ransomware attack. Bad actors, through the use of purpose-built software, infiltrate a computer network and take data hostage. This kind of attack can affect companies big and small, in every sector. So much of what we do depends on technology. Imagine if a company providing an online service can no longer provide that service to its… [read more →]

Understanding the SSL/TLS Racoon Attack

| #Articles

It’s that time again. As protocols mature, inevitably security vulnerabilities lurking beneath the surface are uncovered by security professionals. The so-called “Racoon” vulnerability is unusual however in that it affects TLS 1.2, arguably the most secure version of SSL/TLS to be using today. Some sensationalists describe this as the “Heartbleed of 2020”, while other researchers contend that this vuln… [read more →]

SSL/TLS and captive portals

| #Articles

What is a captive portal? Have you ever used public internet at an airport or a coffee shop? Perhaps you have to accept a terms of service before being granted access to the WIFI at your place of work? If so, chances are that you’ve used a captive portal – possibly without knowing it! Captive Portals are a legitimate means of grabbing the users attention, either to force them to accept terms of ser… [read more →]

SSL Certificates now limited to 1 Year terms

| #News

To improve web PKI and security, Certificate Authorities (CA) will no longer be issuing SSL/TLS certificates with validity periods longer than one-year starting September 1, 2020. Initiated by Apple Safari and joined by Google Chrome and Mozilla Firefox, the new max validity period will be 398 days which is one-year plus a 33-day renewal grace period. The shortening of certificate validity… [read more →]