39-Month Maximum SSL Validity Period

In a previous blog post we reported that Google and Microsoft are encouraging Certification Authorities (CAs) to depreciate the vulnerable and outdated SHA-1 cryptographic algorithm and move to the stronger SHA-2.

Starting January 1, 2016, CAs must not issue any new SSL certificates using the SHA-1 hash algorithm. CAs may continue to sign certificates to verify OCSP responses using SHA-1 until January 1, 2017. This year also began with an important update.

Read more

Cyber Security in 2015

No one was immune to the impact of cyber criminal activities in 2014. It will be remembered as the year of the Heartbleed bug that caused a vulnerability in the popular OpenSSL cryptographic library; the Poodle attack against outdated SSL 3.0; the sunset of the SHA-1 cryptographic algorithm, which was frequently affected by cyber attacks; and the Shellshock software bug.

Many e-commerce giants, popular smartphone applications, and government and health organizations were also actively attacked by hackers in 2014.

Read more

Death of the Password – Infographic

In 2004 Bill Gates predicted the death of the password. It now feels that we’re moving closer to seeing Gates’ prediction come to fruition, but why has it taken so long? There simply hasn’t been the technology available to provide a solution that offers secure, stronger authentication combined with a good user experience. The password has ruled by necessity.

The widespread adoption of the smartphone coupled with an advancement in consumer biometric technology has changed the landscape. There’s now also a stronger public will to find a better authentication method. This has been fuelled by high-profile hacks, which have further exposed the vulnerability of the one-time password.

Read more

Sunsetting SHA-1 and Moving to SHA-2

One of the most important parts of SSL certificates’ security is the signature algorithm. The SHA-1 cryptographic algorithm, created nearly 20 years ago, is one of the most commonly used hash function for websites that are protected with SSL.

SHA-1 is getting weaker every day and is frequently exposed to collision attacks in which hackers may obtain fraudulent certificates. However, SHA-1 is still widely used for many websites that are protected with SSL.

Read more

Web Spam: An Information Invasion

Massive web spam distribution is a disease of the modern information society. Today’s spammers are far ahead of many existing spam protection tools.

Existing tools – anti-spam gateways, the anti-spam algorithms used by search engines and built-in mail services, blog and forum filters – are not sufficiently effective against this enemy. True spam reduction requires proper understanding of existing spam technologies. Such knowledge points the way to appropriate and effective countermeasures.

Read more

SSLs.com now accepts Bitcoin

We are happy to announce that you are now able to purchase SSL certificates using Bitcoin on SSLs.com

Our Bitcoin capability is powered by Stripe, one of the world’s most progressive and frictionless payment processors. SSLs.com is the first SSL shop to take advantage of Stripe’s support for Bitcoin payments. Bitcoin is one of the most widely used virtual currency based on a peer-to-peer payment network that does not exist in physical form, as it is not affiliated to any financial institutions or governments and controlled by all Bitcoin users.

Read more