BLOG

Google will soon be issuing a stronger warning to visitors who navigate to a website that does not have the protection of an SSL/TLS certificate. With the release of Chrome 53 on Windows, Google has changed the trust indications to introduce the circle-i. 

At Black Hat USA 2016, doctoral candidates Mathy Vanhoef and Tom Van Goethem presented HEIST, an SSL/TLS vulnerability. HEIST is short for “HTTP Encrypted Information can be Stolen through TCP-windows.”

EV Code Signing certificates are based on the Extended Validation (EV) Code Signing Certificates guidelines developed by the CA/Browser Forum. The guidelines combined the EV standard for validation with specific code signing components such as protecting private keys with hardware and providing time-stamp services. The demand for EV Code Signing certificates is growing thanks to the recent release of Windows 10. By October 29th, 2015 (90 days after release) all drivers provided to Microsoft must be submitted with a signature from an EV Code Signing certificate. Microsoft will trust the submission as the EV Code Signing certificate will prove that the publisher’s identity has been determined and the certificate issuance authorized. EV Code Signing certificates are similar to standard Code Signing certificates, but have some distinct advantages: