-
Podcast Feb 05, 2021
Root Causes 147: Google Titan Secure Key Attack
A new attack allows cloning of the Google Titan secure key. we describe this attack and its implications for Titan and other secure keys.
-
Podcast Feb 01, 2021
Root Causes 146: Congolese ccTLD Takeover
A white hat researcher took over .cd, the Democratic Republic of the Congo's ccTLD. The implications of taking over a top-level TLD are staggering.
-
Podcast Jan 29, 2021
Root Causes 145: Google Chrome to Distrust CA Camerfirma
Google has announced distrust for Spanish public CA Camerfirma in Chrome build 90. We explain the reasons for (and implications of) this decision.
-
Podcast Jan 26, 2021
Root Causes 144: Whatever Happened to the Green Address Bar?
In recent years the EV SSL "green address bar" has shrunk and evenually disappeared. We walk you through how that came to be.
-
Podcast Jan 21, 2021
Root Causes 143: The Four Pillars of Certificate Automation
The Four Pillars of Certificate Automation are deploy, discover, revoke/replace, and renew, along with the umbrella capability of visibility.
-
Webinar Jan 21, 2021
The Passwordless Enterprise: Why PKI is Better Than Passwords
Join Senior Fellow Tim Callan and CTO of PKI Jason Soroko as they discuss why replacing passwords with authentication based on PKI is the best remedy.
-
Podcast Jan 18, 2021
Root Causes 142: Removing Street and Postal Code from Public Certs
On March 1 Sectigo will remove street address and postal/zip code information from its public certificates of all types. Our hosts explain why.
-
Podcast Jan 11, 2021
Root Causes 141: The Case for Shorter Certificate Lifespans
Our hosts are joined by guest Nick France to discuss the benefits of shorter certificate lifespans for both public and private CAs.
-
Podcast Jan 07, 2021
Root Causes 140: SSL Attacks Using BGP (Border Gateway Protocol)
BGP controls traffic routing on the internet. BGP attacks could help improperly obtain DV certificates. We explain these attacks and what to do about them.
-
Podcast Jan 04, 2021
Root Causes 139: Exposed Private Keys in CSR Submissions
Sometimes subscribers accidentally include the private key along with CSR submissions. Our hosts break down this phenomenon and its implications.
-
Podcast Dec 29, 2020
Root Causes 138: IoT Cybersecurity Improvement Act of 2020
We explain the IoT Cybersecurity Improvement Act of 2020, which creates security requirements for IoT devices sold into the US government.
-
Blog Post Dec 21, 2020
The SolarWinds attack touches on digital certificates and identity authentication in some important ways.