SecurityCertificate
Latest
Chrome's upcoming security change will break hundreds of sites
Google will strengthen Chrome's security with its next release, but that might have some unintended consequences for the sites you use. Security researcher Scott Helme has found that hundreds of the top 1 million sites are using old Symantec HTTPS certificates (pre-June 2016) that won't be trusted when Chrome 70 arrives as soon as October 16th. Some of these are vital sites, too, including multiple Indian government sites, the government of Tel Aviv and Penn State Federal Credit Union.
Dell is the latest PC maker with a gaping security flaw, but it will fix it
Lenovo and Samsung might not be the only big Windows PC makers pre-installing software that compromises your security. Computer buyers have discovered that Dell is shipping at least some PCs (such as the new XPS 15) with a self-signed security certificate that's the same on every system. If intruders get a raw copy of the certificate's private key, which isn't hard, they have an easy way to attack every PC shipping with this code. The kicker? This is much like Lenovo's Superfish exploit, only written by the hardware vendor itself -- Dell had plenty of time to learn from its rival's mistake.
Victorinox offers refunds for secure USB drives in light of discontinued software updates
Software support and security certificates are coming to an end for Victorinox's line of secure USB drives, but the firm announced on Facebook that it's offering customers full refunds until December 31 if they'd like to return their products in light of the developments. In order to avoid losing data, owners of the flash drives should perform a backup before the encryption application meets its untimely end on September 15th. However, files stored on non-encrypted areas of the device will remain accessible without further action. The Slim, Secure and Presentation Master storage sticks can still be used as run-of-the-mill thumb drives after the cut-off date, but the Swiss Army Knife maker's application will no longer be able to scramble or unscramble their contents.
Victorinox nixes software updates for USB drives, security certificate to expire in September
Victorinox may have offered a hefty bounty to crack its secure USB drives' encryption, but the storage sticks seem to have met their match another way: the end of software support. In an email sent to customers and a pair of Facebook posts, the firm announced that it will halt updates as of next month and that its security program's VeriSign certificate is only valid until September 15th. As a result, customers are urged to backup their data lickity split. According to the outfit, the economics of continuing application development just weren't reasonable and it'll now refer to a third party for all software. However, the Swiss Army Knife maker isn't out of the flash drive business -- it's committed to putting more of the devices on the market. We've reached out to the company for more details on how the thumb drives will be affected and we'll update when we get word. In the meantime, hit the source links for the notice or check out the e-mail below. [Thanks, Scott]
Apple addresses Lion server issues with new technotes
If you run Lion server and have problems with podcast streaming or want to view local volumes on your server, you'll want to read two new technotes on Apple's support site. Spotted by MacNN, they will tell you how to setup https to serve up podcasts and how you can tweak your settings to view a mounted local volume or a shared folder via SMB. One article (Technote TS4126) addresses podcast streaming and SSL certificates, a problem which arose in OS X server 10.7.2. Unlike earlier versions, this version of Lion server streams podcasts using a secure https connection. In this issue, users visiting your Lion server cannot view podcast thumbnails. When they try to playback content, the thumbnail is missing and only a blank window appears. To fix this issue, server administrators can either purchase a signed security certificate from an established Certificate Authority or use a self-signed certificate. If the admin chooses the self-signed route, users attempting to view a podcast will be presented with a warning about an untrusted certificate. Once the user accepts this certificate as coming from a trusted source, they can gain access to the podcast content. The other technote HT5028 has two command-line tweaks for server administrators. The first will let admins view any volumes mounted locally on the server and the second will let them access shared folders over SMB. Once entered, admins will have to reboot the server to make these changes stick.
