Why You Should Get Familiar With TLS If You Accept Credit Cards

Posted by on April 28, 2015 0 comments

The group that manages the Payment Card Industry Data Security Standard quietly announced in February that an imminent update was coming to its payment card and application requirements related to the use of the SSL encryption protocol. Since then, there has been growing concern among merchants about what the changes mean to them. The confusion among retailers generally can be boiled down to two questions: What will the new updates require me to do? What happens to my TSL/SSL certificates? First let’s explain what’s going on: On Feb. 13, the PCI Security Standards Council...

Read More

HTTP/2 Is Speedy and Secure

Posted by on April 20, 2015 0 comments

Since we last wrote about SSL/TLS performance, there has been a lot of activity in the IETF HTTP Working Group, resulting in the February announcement that the next version of HTTP has been approved. This is big news because it means that major SSL/TLS performance improvements are on the way. Background When your browser connects to a website today, it most likely uses the HTTP/1.1 protocol that was defined in 1999 in RFC 2616. Over the past 15 years, HTTP/1.1 has served us well and many tweaks have been discovered to make the most of it. However, in that time the web has transformed into a...

Read More

Extended Validation Builds Trust (Infographic)

Posted by on April 15, 2015 1 comment

Click on the image above to download a full-size version. Click to share on Facebook (Opens in new window)Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Google+ (Opens in new window)Click to print (Opens in new window)

Read More

CA Security Council Report: Consumers Don’t Know Much About Security, But They Trust the Padlock and Green Bar When Shopping Online

Posted by on April 13, 2015 2 comments

Only 2 Percent Proceed Past “Untrusted Connection” Message San Francisco – April 13, 2015 – The CA Security Council (CASC), an advocacy group committed to the advancement of the security of websites and online transactions, today released its 2015 Consumer Trust Survey which found that validation matters.  While consumers are confused about some aspects of security, they recognize and trust the security that SSL brings to e-commerce sites.  Fifty-three percent of respondents identify the padlock as adding confidence in an e-commerce site, with 42 percent associating...

Read More

Microsoft Deploys Certificate Reputation

Posted by on April 9, 2015 2 comments

As we have stated previously, website owners have a concern that an attacker can have a certificate issued for their domain name. We now have two systems which will help monitor certificates for domains: Certificate Transparency (CT) and Certificate Reputation. At the start of 2015, most certification authorities (CAs) support CT as requested by Google. CT works for extended validation (EV) SSL certificates and will allow all EV certificates to be monitored. In March 2015, Microsoft deployed Certificate Reputation. Through the use of Windows, Internet Explorer and other applications,...

Read More