We believe that most companies who do business online have been attacked by hackers at least once. Starting April 15, we were faced with a massive Distributed Denial of Service (DDoS) attack.
We discovered the attack when the SSLs Site Seal checking system notified us that it was unable to ping SSLs.com.
We feel immensely proud when we consider all the wonderful sites out there that are protected by our SSL certificates, but obviously SSL certificates are just one part of the cyber security puzzle.
So we thought we’d try to give our customers a helpful overview of the wider picture. There are some great in-depth guides out there already, but we wanted to create something slightly different.
Since Google announced that using HTTPS encryption for all website pages is an important factor in SEO ranking, demand for SSL certificates to enable website security has increased even more.
Many webmasters and website owners remain confused about what actions are required to move their websites from HTTP to HTTPS without difficulty.
In a previous blog post we reported that Google and Microsoft are encouraging Certification Authorities (CAs) to deprecate the vulnerable and outdated SHA-1 cryptographic algorithm and move to the stronger SHA-2.
Starting January 1, 2016, CAs must not issue any new SSL certificates using the SHA-1 hash algorithm. CAs may continue to sign certificates to verify OCSP responses using SHA-1 until January 1, 2017. This year also began with an important update.
No one was immune to the impact of cyber criminal activities in 2014. It will be remembered as the year of the Heartbleed bug, a vulnerability in the popular OpenSSL cryptographic library; the POODLE attack against the outdated SSL 3.0; the sunset of the SHA-1 cryptographic algorithm, which was frequently affected by cyber attacks; and the Shellshock software bug.
Many e-commerce giants, popular smartphone applications, and government and health organizations were also actively attacked by hackers in 2014.
In 2004 Bill Gates predicted the death of the password. It now feels as though we’re moving closer to seeing Gates’ prediction come to fruition, but why has it taken so long? There simply hasn’t been the technology available to provide a solution that offers secure, stronger authentication combined with a good user experience. The password has ruled by necessity.
The widespread adoption of the smartphone coupled with an advancement in consumer biometric technology has changed the landscape. There’s now also a stronger public will to find a better authentication method. This has been fuelled by high-profile hacks, which have further exposed the vulnerability of the one-time password.
One of the most important parts of SSL certificates’ security is the signature algorithm. The SHA-1 cryptographic algorithm, created nearly 20 years ago, is one of the most commonly used hash functions for websites that are protected with SSL.
SHA-1 is getting weaker every day and is frequently exposed to collision attacks in which hackers may obtain fraudulent certificates. However, SHA-1 is still widely used for many websites that are protected with SSL.