Posts Tagged ‘certificate’

D-Link’s Digital Certificate Disclosure could Allow Spoofing

Thursday, October 1st, 2015

Here’s a potential security hole that most of us should probably be concerned about, but fortunately, there’s an easy way to check to see if you’re vulnerable.

D-Link Corporation disclosed four digital certificates recently inadvertently that attackers could use to spoof content. While the certificates cannot be used to issue others or impersonate domains, they can be used to sign code which attackers could use to (better) disguise malware as legitimate software. Microsoft has released a security advisory and an update to remove the affected digital certificates from supported versions of Windows. D-Link has revoked the certificates in the meantime as well.

(more…)

Upcoming Policy Changes to Google Chrome’s Certificate Handling

Friday, September 27th, 2013

This sounds like a helpful move; improved security and authentication are always a good thing.

Most financial websites and many popular services and sites offer SSL connections exclusively or in addition to regular connections. Whenever a browser connects to a website via SSL, it will download a certificate that it verifies to make sure the connection is legit.

(more…)