SSL validity change to one year only

Apple and Google have set an industry-wide requirement: any two-year SSL certificate issued after August 30, 2020, will be distrusted in their browsers.

That’s right: 398 days is the maximum length for a publicly issued server cert. If it’s longer, browsers and other HTTPS code will reject the cert as invalid.

Beginning at 12:00 am UTC on August 19, 2020, Sectigo will only issue one-year (up to 398 days) SSL certificates, and DigiCert is highly likely to do the same at the end of August. Kindly note that this only applies to public TLS certificates. Other types of certificates (e.g. Code Signing Certificates, S/MIME certificates, etc.) will be unaffected and will have the same maximum validity that they have today.

However, any two-year SSL certificate issued before 12:00 am UTC on August 19, 2020, will be valid for two years (up to 825 days).

Therefore, we recommend that you renew your certificate and top up its validity before the deadline, saving you the time and trouble of going through the validation process again next year (especially for OV and EV certificates).

Dropbox Phishing Scam: Don’t Get Fooled by Fake Shared Documents

Hackers use familiar brands like Dropbox to steal login credentials and spread malware

It’s funny how hackers, phishers, and scamsters can be blatantly obvious and inexplicably unpredictable at the same time. I’m saying obvious because they target the most widely used services/platforms and lots of users know what they’re up to — not just security professionals, but many ordinary users know about these phishing scams and what to look for. Phishers might be predictable in going after big names but it’s the unpredictability in their approaches that makes them tick. Time after time, they come up with new ways that help them achieve exactly what they want and make them “successful.” The Dropbox phishing scam is a perfect illustration of this.


19-year-old DDoS-for-Hire service hacker has been arrested

The world's biggest DDoS-for-Hire service was stopped after the Croatian Police arrested the teenage mastermind hacker. At webstresser.org, registered users could launch a DDoS attack against their targets for €15 or Bitcoin. This way, no technical skills were required to start such an attack.
