Martijn Lammerts
My own digital place with a little of everything

Security Vulnerabilities in Certificate Pinning

8 December 2017
New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of certificate hostname verification but, in...

Let’s Encrypt Is Making Web Encryption Easier

14 December 2016
That's the conclusion of a research paper: Once [costs and complexity] are eliminated, it enables big hosting providers to issue and deploy certificates for their customers in bulk, thus quickly and automatically enable encryption across a large number of domains. For example, we have shown that currently, 47% of LE certified domains are hosted at three large hosting companies (Automattic/wordpress.com,...

Microsoft Security Advisory (2607712): Revokes the trust of the DigiNotar root certificates

13 September 2011

Microsoft has released an update for all supported versions of Microsoft Windows.
The update revokes the trust of the following DigiNotar root certificates by putting them in the Microsoft Untrusted Certificate Store:

  • DigiNotar Root CA
  • DigiNotar Root CA G2
  • DigiNotar PKIoverheid CA Overheid
  • DigiNotar PKIoverheid