-
Podcast Nov 17, 2021
Root Causes 189: What Is CA Agnostic?
Certificate Lifecycle Management (CLM) platforms that can provision certificates of all types from all CAs, private and public, are "CA agnostic."
-
Podcast Nov 11, 2021
Root Causes 188: Introduction to Web Security
Malware and other web site attacks can result in reputational damage and site access being blocked or hindered by end user software and services.
-
Podcast Nov 08, 2021
Root Causes 187: Apple Limits Term for S/MIME Certificates
Apple recently announced that it would limit the allowable term for public S/MIME certificates to 825 days. We explain this declaration's implications.
-
Podcast Nov 02, 2021
Root Causes 185: EU Covid Passport Root Key Stolen
The root certificates of the EU's Covid Passport program have suffered a private key compromise and counterfeit passports are for sale on the black market.
-
Podcast Oct 27, 2021
Root Causes 184: Popular College WiFi Vulnerability Revealed
Certificate misconfiguration in commonly used college WiFi can expose logins. We discuss WiFi authentication, EAP, and how this vulnerability occurs.
-
Podcast Oct 21, 2021
Root Causes 183: New MSCA Attack Toolkits
A new white paper and set of toolkits illuminate MSCA root key attacks. We provide a clear action list for IT professionals in charge of Microsoft CA.
-
Podcast Oct 18, 2021
Root Causes 182: Let's Encrypt Root Expiration
Let's Encrypt's recent root expiration caused widespread service outages. We discuss this expiration and the recipe for avoiding problems in the future.
-
Podcast Aug 30, 2021
Root Causes 181: Limitation of DCV Through Web Site Changes
Domain Control Validation (DCV) for SSL certificates using the "change to web site" method will be changing late this year. We explain these changes.
-
Podcast Aug 26, 2021
Root Causes 180: PetitPotam MSCA Attack
WE describe the PetitPotam MSCA attack and related terms like Mimikatz, pass-the-hash, and NTLM Relay, including a mitigation roadmap and free resources.
-
Podcast Aug 24, 2021
Root Causes 179: Standards for Certificates Apart from SSL
SSL is not the only regulated type of digital certificate. We discuss the rules for S/MIME, eIDAS, code signing, document signing, and SSH certificates.
-
Podcast Aug 20, 2021
Root Causes 178: Stealing Cryptocurrency
We describe the various ways in which cryptocurrency can be stolen, including private key compromise, broker security failure, and login credential theft.
-
Podcast Aug 05, 2021
Root Causes 176: Introducing State-Locality Exclusivity
Sectigo is implementing an important change to its public-facing SSL certificate business called State-Locality Exclusivity. We explain in this episode.