As a safety precaution to prevent SSL server certificates being exploited for network man-in-the-middle attacks on organizations, vendors that issue SSL server certificates will begin adhering to new issuance guidelines as of Nov. 1. These new rules, as described by members of the industry group Certificate Authority/Browser Forum, mean certificate authorities (CAs) will not issue certificates that contain "internal names" and expire after Nov. 1, 2015.
- Foreshadow is a new speculative execution exploit targeting Intel's SGX on Core chips
- HP’s critical patches blocked fax attacks on networked printers
- Cautious optimism greets government’s encryption-interception plans
- The first rule of data-breach response? Don’t panic
- Week in security: Security means anticipating the unknown unknowns