Tuesday, February 25, 2020
23,000 SSL certificates

Private keys Leaked – 23,000 SSL Certificates to be Revoked Within Next 24 Hours

More than 23,000 SSL certificates that were purchased through the reseller Trustico will be revoked today. The entire saga started on February 2nd, 2018, when Trustico reached out to Digicert for mass revocation. "Trustico has not provided any details how the...
Abusing X.509 Digital Certificates

New Method to Establish Covert Channel Communication by Abusing X.509 Digital Certificates

Security researchers from Fidelis identified a new method to establish covert channel communication by abusing widely implemented X.509 public key certificates. Certificates remain a critical component of a secure connection to a website. When a browser establishes a secure...
TLS/SSL vulnerabilities

testssl.sh – Tool to check cryptographic flaws and TLS/SSL Ciphers on any Ports

testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers, protocols and some TLS/SSL vulnerabilities. Key features: 1. Easy to install. 2. You can check any port, not only with...
Certificate Pinning

Digital Certificate Security – Certificate Pinning

Generally, an SSL certificate is used to verify the security level of a website/URL. In the SSL handshake, the client verifies the website/application certificate with the authorized public CA or wherever the respective certificate was issued. If the certificate is verified by...
HTTPS Strict Transport Security

HTTPS Strict Transport Security: What is It and How it Works

Have you got the HTTPS protocol working on your web server? If you answered yes, that’s great. But have you got the HTTPS Strict Transport Security (HSTS) Policy implemented? I guess your answer is NO… and if it is...