Angry Android hacker hides Xbot malware in popular application icons

Avast makes malware authors really mad because we detect and block their money-making apps. In the past few weeks, the Avast Mobile Security analysts have been focusing on Android malware which targets users in Russia and Eastern Europe. One of the families that caught our interest was the Xbot malware. The name Xbot comes from […]

The New 39-Month SSL Certificate Maximum Validity

Changes in CA/B Forum Baseline Requirements

The past few years within the SSL certificate industry have been busy with changes.  1024-bit RSA certificates are long gone, using public SSL certificates on servers with internal domain names is starting to disappear, and the SHA-1 hash algorithm is starting to see its final days.  So what is next?

Starting 1 April 2015, Certification Authorities (CAs) are not permitted to issue SSL certificates (issued from a public root) with a validity period greater than 39 months. SSL certificates have limited validity periods so that the certificate holder's identity information is re-authenticated more frequently. It is also a best practice to limit the amount of time that any key is used, to allow less time to attack it.

In line with the latest Certification Authority/Browser Forum Baseline Requirements, CAs will stop issuing 4- and 5-year SSL certificates in the near future. Symantec plans on eliminating these options in late February 2015 on all SSL management consoles. Extended Validation (EV) SSL certificates still have a maximum validity period of 27 months, but Organizational Validated (OV) and Domain Validated (DV) certificates (DV not offered by Symantec) will have this new 39-month lifespan.

So how will this affect those who install SSL certificates? The average person installing certificates in a large enterprise will have to go through the enrollment process a little more often. If an organization of that size and scale finds this detracts from employee productivity, it may want to look at leveraging Symantec Certificate Intelligence Center Automation. Someone in a small organization who issues SSL certificates only very infrequently may find themselves looking for SSL installation instructions a little more often. To help you, Symantec has always offered a wealth of information online via our Knowledge Base (the preceding site will be migrating to this location in the near future) and offers amazing support by phone.

Please let us know what you think below in the comment section.

Carbanak: Multi-million cybercriminal gang focuses on banks instead of their customers

The activities of the financial crime group have been tracked by Symantec for some time.

Carbanak: Multi-million cybercriminal gang prefers to focus on banks… and not on their customers

Symantec has for some time tracked the activities of this group, which focuses on financial crime.

Carbanak: Multi-million dollar cybercrime gang focuses on banks rather than their customers

The activities of the financial crime group have been tracked by Symantec for some time.

3009008 – Vulnerability in SSL 3.0 Could Allow Information Disclosure – Version: 2.3

Revision Note: V2.3 (February 16, 2015): Revised advisory to announce the planned date for disabling SSL 3.0 by default in Internet Explorer 11.

Summary: Microsoft is aware of detailed information that has been published describing a new method to explo…

Android ??????????????????????????????????


Cybercriminals use malicious Android apps to steal contacts and then threaten to distribute obscene videos of the victim to friends and family.