DigiCert Blog

All posts under: News

  1. FREAK Attack: What You Need to Know

    Currently known as ‘FREAK,’ this vulnerability (CVE-2015-0204) allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography. Export-grade cryptography uses out-of-date key lengths, so traffic encrypted with it can easily be decrypted. This vulnerability does not affect SSL Certificates and does not require any action related to…


  2. This Month in SSL: February 2015

    Digital Security News

    Here is our latest news roundup of articles about network and SSL security. SSL & Encryption News: New CA/B Forum Baseline Requirements make it so Certificate Authorities can only issue certificates with validity periods up to 39 months starting on April 1. The final touches are being put…


  3. Superfish-like Behavior Found Again with Komodia and PrivDog

    Since last week’s Superfish revelation, researchers have unveiled additional adware and security applications that also subvert HTTPS and our system of online trust. Komodia/Lavasoft: Komodia is an SSL interception module for Windows that installs a self-signed CA root certificate into local operating system root stores. Compounding matters, Komodia uses duplicate digital certificates across all…


  4. Lenovo’s Superfish Adware and the Perils of Self-Signed Certificates

    Late last night, reports started coming out that Lenovo was shipping PCs with man-in-the-middle adware that breaks HTTPS connections. Lenovo, like most manufacturers, ships its PCs with pre-installed software. In this case, the software is Superfish, which inserts visual advertisements into web pages such as Google search results. And while this pre-installed adware is annoying…


  5. SSL Certificate Validity Periods Limited to 39 Months Starting in April

    In accordance with the CA/Browser Forum’s Baseline Requirements, effective April 1, 2015, Certificate Authorities will no longer be able to issue SSL Certificates with a validity period longer than 39 months. There is an exception to this rule, but the exception should only apply to extremely rare circumstances. The current requirements stipulate a validity period no…