1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Let’s encrypt – but let’s also decrypt and inspect SSL traffic for threats

Discussion in 'Network World' started by RSS, Feb 10, 2016.

  1. RSS

    RSS New Member Member

    This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

    Ever since Edward Snowden’s revelations in 2013 SSL encryption has become all the rage with application owners, and that, in turn, has lead to the rise of attacks hiding in SSL traffic. What’s more, movements like Let’s Encrypt, the free, automated and open certificate authority (CA) provided by the Internet Security Research Group (ISRG), have inadvertently created a new set of vulnerabilities. Attackers are able to exploit Let’s Encrypt to generate their own seemingly legitimate SSL certificates to sign malicious code or to host malicious HTTPS sites.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page