Security Archive

Sign your Code

Just recently the new Firefox version 3.5 was released with many new features, whistles and bells… native video and audio support being one of them. Porn private browsing mode and super fast rendering just another. If you haven’t updated and tried the latest and greatest from the house of Mozilla, I highly recommend to do that […]

Securing a Revolution

It’s my own and StartCom’s company policy to refrain from voicing personal opinions regarding political matters. Otherwise however StartCom takes a clear stance when proclaiming:
We believe in the right to protect and secure information between two entities without discrimination of race, origin and financial capabilities.

The Geek Factor

I don’t need any stinkin’ CA issued certificates for my web sites, for this I do - openssl 123 …
So goes the usual rant by geeks, hackers and open source enthusiasts against the certification authorities and their accomplices Internet Explorer, Firefox and Co. Why is that and did anything change?

The Race Is On - You Won

The competition in the digital certification business is preparing for StartCom’s entry with its super-cheap EV SSL offerings. Proclaims a director of a well known certification authority:
“EV SSL certificates are no longer an expensive premium for Web security; they are a necessary tool to help thwart phishing, man-in-the-middle and other malicious fraud attacks”

CA/Browser Forum

Since this weekend the StartCom Certification Authority is officially a member of the CA/Browser Forum. This forum is a closed group of commercial certification authorities and software vendors - in particular browser vendors - which was founded sometime in 2006. At a previous occasion the StartCom CA was denied participation, but having now met their […]

Positive Indicators

Phishing attacks seldom use SSL certificates for their fake sites resembling Paypal, eBay or whatever, because they look as good without it. So far this apparently just worked fine because a somewhat careless user simply doesn’t pay attention to the microscopic indicators the browsers used to give us in the past. Well, that’s perhaps an […]

Got (dynamic) DNS?

Operating a home server is very educational in addition to being a cheapo solution for self-hosting one’s hobby-site. Up-time might not be the same as with a professional hosting provider, but for many geeks and hobbyists that’s not the important part anyway. One draw-back is usually the need for a work-around when using the ISP […]

Meet the Challenge

One of my principles is to view problems as challenges. Basically there are no problems for me, there are only challenges. And who doesn’t love to meet the challenges which are placed upon and in front of us? I love to tackle challenges from small to big!
Some time ago my friend Gervase Markham, author-developer of […]

Glitch or Negligence?

In continuation of my article of Untrusted Certificates, I’m trying to set the record straight if this was a glitch in the software of the reseller or really negligence on part of Comodo. The reseller (actually they were supposed to be a registration authority) maintained that it was the result of unintentional mistakes and a […]

Full Disclosure

During the night of the 19th - 20th of December a critical event occurred at the StartCom CA. With the help of a proxy tool like WebScarab an attack to overcome the domain validations system was successful. The event was handled efficiently and correctly by StartCom and in order to shed full light on what […]