“In A Heartbleed”
Submitted By:
Gregory V. Boulware
And
Marta Fernandez, LinkedIn.com
http://www.pcworld.com/article/2142740/in-... Article:
In Heartbleed's wake, Comodo cranks out fresh SSL certificates,
By
Jeremy Kirk
Tens of thousands of new digital certificates have been issued by Comodo in the wake of the “Heartbleed” security flaw, which has put Internet users’ data at risk.
One of New Jersey-based Comodo’s main business lines is issuing the digital certificates that encrypt traffic between users and a Web service, a critical shield that protects users from spying by third parties.
Over the last day or so, Comodo has seen a huge uptick in requests for new digital certificates from website operators, said Robin Alden, Comodo’s chief technology officer.
“The last couple of days, we’ve seen replacement rates running at somewhere between 10 to 12 times the normal rate than were replacing a week ago,” Alden said. “That’s obviously fallout from this.”
The spike comes after the disclosure on Monday of the so-called Heartbleed vulnerability in an open-source software package, OpenSSL, widely used in operating systems, routers and networking equipment.
It is believed the flaw might in some cases allow an attacker to obtain the private key for a SSL (Secure Sockets Layer) certificate. With that private key, an attacker could create a fake website with an SSL certificate that passes the verification test indicated by a browser’s padlock.
The Flaw…
http://www.pcworld.com/article/2142740/in-... SSL - A definition:
SSL: pronounced as separate letters) Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with
https: instead of
http: Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP).
Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
'ExplorB2B'
https://www.exploreb2b.com/articles/the-pl... http://en.blog.wordpress.com/2014/04/15/se... */
Posted By: Gregory V. Boulware, Esq.
Wednesday, April 16th 2014 at 11:36PM
You can also
click
here to view all posts by this author...