#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

short lived certificate | Breaking Cybersecurity News | The Hacker News

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

Sep 01, 2020
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days). In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) from their creation date. The lifespan of SSL/TLS certificates has shrunk significantly over the last decade. In 2011, the Certification Authority Browser Forum (CA/Browser Forum), a consortium of certification authorities and vendors of browser software, imposed a limit of five years, bringing down the certificate validity period from 8-10 years. Subsequently, in 2015, it was cut short to three years and to two years again in 2018. Although the proposal to reduce certificate lifetimes to one year was shot down in a ballot last September , the measure has been overwhelmingly supported by the browser
Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years

Feb 28, 2020
Let's Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million in June 2017. Since late last year, Let's Encrypt has issued at least 1.2 million certificates each day. The development comes as over 80 percent of the web page loads have begun using HTTPS worldwide , and 91 percent in the US alone. HTTPS, the default means of secure communication on the internet, comes with three benefits: authentication, integrity, and encryption. It allows HTTP requests to be transmitted over a secure encrypted channel, thus protecting users from an array of malicious activities, including site forgery and content manipulation. "Since 2017, browsers have started requiring HTTPS for more features, and they've greatly improved the way
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Cybersecurity Resources