Saturday, March 6, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Let’s Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

February 28, 2020
in Internet Privacy
Let’s Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Let’s Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it’s issued a billion certificates since its launch in 2015.

The CA issued its first certificate in September 2015, before eventually reaching 100 million in June 2017. Since late last year, Let’s Encrypt has issued at least 1.2 million certificates each day.

You might also like

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

The development comes as over 80 percent of the web page loads have begun using HTTPS worldwide, and 91 percent in the US alone.

HTTPS, the default means of secure communication on the internet, comes with three benefits: authentication, integrity, and encryption. It allows HTTP requests to be transmitted over a secure encrypted channel, thus protecting users from an array of malicious activities, including site forgery and content manipulation.

“Since 2017, browsers have started requiring HTTPS for more features, and they’ve greatly improved the ways in which they communicate to their users about the risks of not using HTTPS,” the company said. “When websites put their users at risk by not using HTTPS, major browsers now show stronger warnings. Many sites have responded by deploying HTTPS.”

Launched with the goal of speeding up the web’s encryption rate and bringing down the costs of enabling HTTPS, Let’s Encrypt’s ACME (Automatic Certificate Management Environment) protocol offers an easy means to set up and issue SSL certificates that can be renewed and replaced without manual intervention from webmasters.

Electronic Frontier Foundation’s Certbot is one such popular open-source, free-to-use ACME client that enables HTTPS on websites by automatically deploying Let’s Encrypt certificates — which are valid only for 90 days — and managing renewals.

But with bad actors abusing Let’s Encrypt HTTPS certificates to mask malicious traffic and direct unsuspecting users to malicious sites, the company has taken steps to “ensure that a certificate applicant actually controls the domain they want a certificate for.”

Apple Takes a Significant Step Forward

But that’s not all. Apple has managed to do what most CAs were hesitant to accomplish all this time: shorten the maximum validity of issued certificates to one year.

The tech giant recently announced that starting 1st September 2020, Safari will reject new HTTPS certificates that expire more than 13 months (or 398 days) from their creation date, effectively bringing down the maximum certificate lifetime from 825 days.

This follows a failed ballot held last September by CA/Browser Forum to reduce certificate lifetimes. Although Let’s Encrypt, certSIGN, Apple, Cisco, Google, Microsoft, Mozilla, and Opera voted in favor of the move, close to two-thirds of participating CAs rejected the idea.

Apple’s move to shorten the lifespan of HTTPS certificates means that CA’s like Let’s Encrypt and ACME clients such as Certbot will only become more valuable going forward, as it would force the website administrators to use a certificate issued for 1 year or less.

How Do Short-Lived Certificates Increase Security?

Capping certificate lifetimes improves website security, not least because it reduces the possibility of criminals stealing neglected certificates to mount phishing and malware attacks.

Secondly, mobile versions of Chrome and Firefox do not proactively check for certificate status, implying a website whose certificate has been revoked will still continue to load without giving any warning to the user.

This is for performance reasons as browsers will have to end up downloading certificate revocation lists (CRLs) that can be quite large in size, affecting page loads.

Instead, Chrome uses CRLSets to “block certificates in emergency situations,” while Mozilla has been experimenting with CRLite in its nightly builds.

Aside from these techniques, the Firefox maker has also announced technical specifications for a new cryptographic protocol called “Delegated Credentials for TLS,” which “allows companies to take partial control over the process of signing new certificates for themselves—with a validity period of no longer than 7 days and without entirely relying on the certificate authority.”

It goes without saying that Apple’s decision to cut certificate lifetimes is a significant step forward for security. And if it helps proactively prevent users from connecting to compromised websites, it can only be a good thing.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Dow Futures Nosedive 450 Points as Coronavirus Outbreak Shocks U.S. Markets

Next Post

Developer: For pay and job openings, these are the best roles

Related Posts

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Internet Privacy

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

March 6, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Internet Privacy

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

March 5, 2021
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
Internet Privacy

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

March 5, 2021
Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead
Internet Privacy

Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead

March 5, 2021
Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit
Internet Privacy

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit

March 4, 2021
Next Post
Developer: For pay and job openings, these are the best roles

Developer: For pay and job openings, these are the best roles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Zigbee inside the Mars Perseverance Mission and your smart home
Internet Security

Zigbee inside the Mars Perseverance Mission and your smart home

March 6, 2021
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Internet Privacy

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

March 6, 2021
Autonomous Cars And Minecraft Have This In Common  
Artificial Intelligence

Autonomous Cars And Minecraft Have This In Common  

March 5, 2021
The ML Times Is Growing – A Letter from the New Editor in Chief – Machine Learning Times
Machine Learning

Explainable Machine Learning, Model Transparency, and the Right to Explanation « Machine Learning Times

March 5, 2021
FTC joins 38 states in takedown of massive charity robocall operation
Internet Security

FTC joins 38 states in takedown of massive charity robocall operation

March 5, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Internet Privacy

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

March 5, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Zigbee inside the Mars Perseverance Mission and your smart home March 6, 2021
  • Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked! March 6, 2021
  • Autonomous Cars And Minecraft Have This In Common   March 5, 2021
  • Explainable Machine Learning, Model Transparency, and the Right to Explanation « Machine Learning Times March 5, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates