SSL certificates reduction to 2 years maximum

The CAB forum, organization which defines the SSL certificates issuing and management rules approved the SSL certificates reduction to a duration of 2 years against 3 previously. Initiated by the browsers Chrome and Mozilla heading, this decision moves in the direction of an always more secured Internet by forcing the actors to renew more often their security keys and to stay on the last standards of the market. This decision will be applicable to all Certification Authorities from March 1st 20... Read More

South Africa, domain names and brands: the advantage of a simultaneous registration

The domain name is to the virtual, what the brand is to the real. It is actually a little more complicated but this small sentence allows to associate brands and domain names. It’s in the context of this shared vision, that the South African brands registration Office, CIPC has developed a partnership with the registry of .ZA, the South Africa geographic extension. Thus, the brand applicants can choose the “domain name” option, registering that way the two protections. This is here the first co... Read More

« Hello World » – Musical creation by Artificial Intelligence

Artificial intelligence has released its first solo album of 15 tracks and bears a name alluding to the IT developers: Hello World. Good or bad news for the artists? First album composed with artificial intelligence The artificial intelligence field of expertise moves ahead quickly, very quickly. In January 2018, Microsoft and Alibaba’s artificial intelligence models surpass human at the reading and comprehension tests of Stanford University. Google can perfectly imitate human voice. AlphaGo Ze... Read More

A bad phishing story

A victim of phishing from 2015, asked her bank for a refund of 3300€, which was the amount diverted by a fraud author. However, during the legal procedure, the Justice has cancelled the judgement of the local court of October 2017, which has requested to the bank of the victim to refund the corresponding amounts of the phishing operation. The reason of this cancellation? The victim has deliberately communicated some confidential data regarding her credit card, by falling into the trap of a phis... Read More

A phishing attack more and more sophisticated

Recently, some Amazon users have been the victims of a quite sophisticated phishing attack. They received a fake e-mail from Amazon, alerting them that someone attempted to connect to their account by trying to change their password. A six digit code was transmitted with the instruction to call a number to verify the user’s identity. If the web users were not the source of these actions, they were invited to follow a specific procedure to secure their account. When they called the supposed Amaz... Read More

The blockchain at the service of domain names

The case of Ethereum foundation and the «.ETH » extension. Ethereum is a foundation created during 2015, by Vitalik Buterin, a 21 years old Canadian. This foundation aims to promote the Ethereum blockchain technology, created by this young computer engineer, who proposes in addition to a virtual currency, like the Bitcoin blockchain, the possibility to create applications ensuring traceability, inviolability and sustainability of the transactions they manage. To allow to the greatest number of ... Read More

Disastrous consequences of a domain name non-renewal

The American telecommunication company, Sorenson Communication, has forgotten to renew a domain name for only a few days in June 2016. The decision has fallen at the end of September 2017, Sorenson Communication has to pay a fine of 3 million dollars. Why such a high amount? The domain name which has fallen back into public domain was carrying a critical service for some users! It was the “Video Relay System” which telecommunication companies must provide to deaf people and persons with vocal d... Read More

The continuation of the Equifax case or how the controls implemented in the context of an ISMS (ISO 27001) can help to prevent security incidents?

October 3rd, 2017, Equifax’s ex CEO, Rick Smith, had to explain to the American Congress how the private data of almost one out of two Americans could be hacked. Let us briefly recall the chronology of events (for more information, we invite you to read Adriana Lecerf’s complete article): March 9th, 2017: An Apache Struts flaw is detected. Less than a week after, the security patch is validated and planned, but the latter is not applied on all the servers. March 15th, 2017: a scan is carried o... Read More

The CAA becomes mandatory in the small SSL’s world

Or how to benefit from it to implement a certification strategy specific to your company? In January 2013, a new type of DNS Resource Record has appeared to improve the control chain in the SSL certificates issuing. This record, called CAA for Certificate Authority Authorization, allows to specify for a given domain name which Certification Authorities are authorized to issue certificates. It’s an extremely interesting creation, in particular for big companies and groups, which technical teams ... Read More

Equifax victim of a massive cyberattack

The American company Equifax, based in Atlanta, present in 24 countries, has been the prey of a particularly worrying cyberattack. Equifax collects and analyzes personal data of customers soliciting a credit. At the beginning of September, the company revealed an intrusion in its database. This IT hacking could have potentially concerned around 143 million American customers and many others customers soliciting a credit like Canada or Great Britain. The criminals have exploited a breakdown in a... Read More