Facebook ‘unintentionally uploaded’ E-Mail contacts of 1.5 million users

The social media giant did so without user consent, but says it is now deleting such data. Since May 2016, 1.5 million users have had their E-Mail contacts harvested by Facebook upon sign-up, without being asked for consent. Security researcher ‘e-sushi’ found that Facebook was requesting the passwords to some users’ E-Mail accounts to verify […]

Dragonblood – the vulnerability affecting WiFi Protected Access 3 (WPA3)

The WiFi Alliance recently released their latest security and authentication standard, WiFi Protected Access 3 (WPA3), but two security researchers have discovered a weakness in one of its protocols. WPA3 WPA3 is the newest standard in WiFi security, better securing public and private networks. It makes connecting to non-HTTPS websites and unsecured WiFi a lot […]

Sectigo removes CRL support in newly issued certificates

Generate a CSR for SSL/TLS

Sectigo (formerly Comodo CA) has removed CRL distribution points on newly issued Domain Validated (DV) SSL/TLS certificates. I speculate that Organization Validated (OV) and Extended Validation (EV) SSL/TLS certificates will soon no longer contain CRL distribution points either. What is CRL? A Certificate Revocation List (CRL) is a list of SSL/TLS certificate serial numbers which […]

ICANN urges full implementation of DNSSEC

The Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization dedicated to collaboration towards a secure and globally unified internet, has reacted to increasing reports of attacks on DNS infrastructure by urging registrars to adopt DNSSEC. What is ICANN?An internationally organized corporation that has responsibility for IP address space allocation, protocol identifier assignment, […]