The CAA becomes mandatory in the small SSL’s world

Or how to benefit from it to implement a certification strategy specific to your company? In January 2013, a new type of DNS Resource Record appeared to improve the chain of control in SSL certificate issuance. This record, called CAA for Certificate Authority Authorization, lets you specify, for a given domain name, which Certification Authorities are authorized to issue certificates. It’s an extremely interesting creation, in particular for big companies and groups, whose technical teams ...

The 3 most common DNS attacks and how to defeat them

In October 2016, many popular websites like Amazon, Twitter, Netflix and Spotify became unavailable to millions of web users in the United States for almost 10 hours, i.e. an eternity. The cause: one of the most powerful attacks in Internet history, directed at the DNS services of Dyn, a major actor in this sector. Other companies like Google, The New York Times and many banks have also been the victims of different kinds of attacks aimed at the DNS in the last few years, and if in many companies, the DNS...

DNS – the big forgotten of Internet

“DNS continues to be one of the most targeted Internet services, and it remains the Achilles heel of global Internet infrastructure. DNS was not only the most heavily abused protocol for reflection/amplification DDoS attacks this year, but an attack targeting a specific DNS provider was also the cause of the most widespread Internet outage of 2016 (Note: the attack on the provider Dyn, which made a big part of the Internet in the USA inaccessible for about ten hours, particularly impacting ...

Some movement in the SSL’s world: Digicert acquires Symantec’s certificates activity

On Wednesday, August 2nd, Digicert announced the acquisition of Symantec’s Website Security Business branch (including the SSL business and some other services). It’s the direct consequence of the conflict that has opposed Symantec and Google for a few months. You have certainly already heard about this disagreement between the two companies over a certain number of certificates issued by Symantec and the possible loss of trust in these certificates in the next versions of Chrome. A lot of information and dat...

Let’s talk about DNSSEC

DNSSEC has taken shape, and has become essential in the security process recommended by ANSSI as well as on the web in general. And yet, it’s a barbaric term that is often scary, as we don’t know how it works and what it’s used for. This article will focus on clarifying this term. The Domain Name System Security Extensions is a standardized communication protocol that resolves security problems related to DNS. We will begin with a reminder of what the DNS is. What is the DNS? S...

Towards a 100% encrypted web, the new challenges of HTTPS

Between March 2016 and March 2017, Let’s Encrypt issued 15 270 SSL certificates containing the term “PayPal”; 14 766 of these certificates were issued for domains leading to phishing websites. That is the result of the recent analysis led by Vincent Lynch, SSL expert. Lynch took a close interest in this case after an interesting article published by Eric Lawrence (Google Chrome Security Team) in January 2017; the image above is from this article, named “Certified Malice”, which expos...

HTTPS and SSL: Google continues its offensive

Chrome 53 launched on 31 August 2016 and with it Google is continuing its offensive for a safer internet. With its Chrome browser, Google signals even more clearly when a site does not use httpS on its landing page. And the version to come will continue in this vein, purely and simply barring HTTP with a red cross. This ‘ugly defacement’ will be difficult to accept on corporate websites, in particular those of well-known brands. Firefox has already announced a similar measure. Add to that the httpS...