Tag: chrome

Total 5 Posts

Are you ready for the Symantec distrust?

It's been common knowledge in the wider PKI community that Symantec, the Certificate Authority, is currently being distrusted and will soon cease to exist as a CA. My worry is that the wider community doesn't seem fully prepared for the distrust and the impact it will have. Symantec There's a…

Continue Reading

Bypassing HSTS or HPKP in Chrome is a badidea

I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique and seems like a viable attack vector to bypass them, which is a big problem because both HSTS and HPKP…

Continue Reading