Cyber security news for all

More

    Let’s Encrypt announced 3 million certificates with security problems

    The certification authority Let’s Encrypt invalidates nearly 3 million TLS relationship condition of a security problem in its software. Visitors run the risk of receiving TLS errors from tomorrow morning. Encrypted administrators come through email, but they only have 24 hours to subscribe to the renewal. Many web admins feel overwhelmed by the short deadline of the certification authority.

    According to the people in charge at Let’s Encrypt, the security problems surround a software error in the CAA code of the certification body, which is part of an open source software that is installed in Boulder. Due to the error, domains whose DNS contracts actually die instead can be issued with official visibility. In theory, this makes it possible to have Let’s Encrypt relatives issued for foreign domains. Intercept and eavesdrop on a first certificate authorization network, a new access to web traffic from and to this domain was actually supposed to do just that.

    Software Bugs In The Boulder Project Include Damage

    According to Let’s Encrypt, the bug was found in Boulder  and was patched at the same day. It was managed by a change to the software in July. Therefore, the CA must now invalidate all claims that were made with the faulty software.  A Let’s Encrypt spokesman told the IT security news site, perceived by AV manufacture, that the CA had given up the tight deadline for renewing responsibility by managing the CA browser forums. You have no choice but to stick to it. The CA Browser forum is the amalgamation of certification bodies and browser manufacturers that provide guidelines for dealing with guidelines. All generally as trustworthy authorized certification bodies adhere to these requirements.

    Access to a web server belonging to several domains that can be addressed via HTTPS is a certificate of trust from Let’s Encrypt that covers all of these domains so that they are not given unnecessarily for all important domains. Due to the software error responsibility boulder, however not all of these domains are individually checked for DNS entries, which are subject to scrutiny by encryption are only checked by one of the domains management. It has also been possible to have appropriate claims for domains issued that do not even know that.

    Recent Articles

    Amazon accounts are the new target of cyber criminals

    Amazon is a popular target for cyber criminals who want to exploit the trust and image of the company among its customers with emails....

    Hackers stole thousands of passport data in Argentina

    In response to millions of dollars ransom refused by the Argentine Immigration Service, a ransomware group released passport data from hundreds of thousands of...

    USA wants to improve cybersecurity of space systems

    CISA has published a table this week that summarizes Chinese activities against cybersecurity. Some attacks have succeeded and enabled hackers to gain a foothold...

    Unknown attackers had access to personal data of Warner Music

    Warner Music Group has admitted a security incident in which customers card details were stolen in some of the company's online stores. Warner Music...

    Donald Trump wants to force a sale of TikTok to Microsoft

    It was recently announced that President Donald Trump plans to prohibit business with the owners of TikTok by decree. The American head of state...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox