Security

DDos Protection Services Firm Prolexic Secures $8 Million in Funding

February 9, 2012 — Distributed denial of service protection services firm Prolexic Technologies announced on Thursday it has closed an $8 million Series B investment led by private equity firm Camden Partners. DDoS attacks have been increasing at exponential rates in recent years, putting all Internet surfers and websites at risk. Recognizing this, DDoS mitigation services should be a standard part of business continuity/disaster recovery planning and be included as part of all hosting companies’ services.

Google Plans to Disable Online Revocation Checks in Future Chrome Versions

February 9, 2012 — Google will disable online revocation checks in future versions of Chrome, and will reuse its existing update mechanism to maintain a list of revoked SSL certificates instead, according to a blog post on Sunday by Google researcher Adam Langley. There are many problems with online revocation checks including soft-fails and compromised security if an attacker intercepts HTTPS connections and bypasses the revocation checks.

Security Firm eleven Reports Phishing Email Increase in December and January

February 8, 2012 — Email security provider eleven announced on Wednesday that it has seen explosive growth of phishing email in December and January. According to the report, phishing email’s share surged by 194 percent in December, and by a further 214 percent in January.

Security Researcher Calls on Browser Developers to Support SSL-Validator

February 8, 2012 — Security researcher Moxie Marlinspike is calling on the support of browser developers to participate in his new open-source project that is designed to authenticate a secure sockets layer certificate’s credentials, according to a report by The Register. Convergence, which is currently in its Beta phase, is available as a Firefox add-on and enables users to query notary servers so that they can ensure the legitimacy of an SSL certificate attached to a particular site.

Trustwave Re-Ignites SSL Policy Debate with Cert Revocation, Rule Change

February 8, 2012 — Digital certificate authority Trustwave admitted via a blog post on Saturday that it issued a SSL certificate to a private company to spy on SSL-protected connections within its corporate network. This move has caused some in the Mozilla community to suggest Trustwave’s root certificate be removed from Firefox.

Prolexic Report: DDoS Attacks Grow in Size, Decline in Duration During Q4 2011

February 7, 2012 — DDoS security provider Prolexic released on Tuesday data it collected from Q4 2011 global attacks against its clients that showed a significant rise in packet-per-second volume, a trend it predicted in its previous attack report released in July 2011. While Prolexic says an increase in the fourth quarter is not uncommon because of holiday shopping season and the prevalence of attackers targeting e-commerce sites Q4 was marked by an uncharacteristic surge.

UK Web Host Eukhost Offers SSL Certificates on Monthly Billing Term

February 6, 2012 — UK web hosting provider Eukhost announced on Monday it is now offering SSL certificates on a monthly billing term with free malware monitoring. Eukhost said its SSL certificates are designed for a wide scope of users ranging from SME’s to large incorporations that have an ecommerce business.

Internet Infrastructure Firm VeriSign Hit by Multiple Hacks in 2010

February 2, 2012 — Internet infrastructure services provider VeriSign was the target of multiple online attacks throughout 2010 which resulted in stolen information, according to a report by Reuters which cites the company’s quarterly regulatory filing. The company did not include the details of the stolen information or any specifics regarding the attacks in its 10-Q report filed in October with the US Securities and Exchange Commission.