SSL Certificates – iWebz℠ Blog
https://www.iwebz.net
powered by the web
Wed, 22 Nov 2017 08:12:37 +0000

ssl.iwebz.net is now getsslnow.com
https://www.iwebz.net/index.php/ssl-iwebz-net-now-getsslnow-com/
Fri, 03 Nov 2017 04:36:58 +0000

The team at iWebz would like to announce that as of 1st November 2017 we have permanently moved our address from ssl.iwebz.net to getsslnow.com, thereby merging all our SSL certificate business activities under the getSSL by iWebz℠ brand.

ssl.iwebz.net is now getsslnow.com

  • The login details for your user account remain unchanged.
  • Your order details will continue to be available.
  • Your certificates will continue to function until expiry of validity.
  • Newsletter subscribers have already been migrated.

If you are a customer and need any clarification, send us your query.

©2017 iWebz℠ Blog. All Rights Reserved.

Top SSL Certificate Brands of 2017
https://www.iwebz.net/index.php/top-ssl-certificate-brands-2017/
Fri, 29 Sep 2017 07:34:25 +0000

An ongoing survey by W3Techs has thrown up some interesting numbers on the state of the global SSL Certificate market. Most notably 23.7% of websites have yet to implement SSL certificates.

W3Techs investigated technologies of websites, not of individual web pages. If a technology was found on any of the pages, it is considered to be used by the website.

W3Techs included only the top 10 million websites (top 1 million before June 2013) in the statistics in order to limit the impact of domain spammers. Website popularity rankings were provided by Alexa (an Amazon.com company) and a 3-month average ranking was used.

W3Techs did not consider subdomains to be separate websites. For instance, sub1.example.com and sub2.example.com are considered to belong to the same site as example.com. That means for example, that all the subdomains of blogger.com, wordpress.com and similar sites are counted only as one website.

W3Techs did not include redirected domains. For example, Sun.com redirects to Oracle.com, and is therefore not counted.

Not surprisingly to us at iWebz, the results show Comodo certificates are preferred by 39.4% of all websites that use SSL certificates, and the free SSL certificate authority Let's Encrypt is yet to get major traction with websites.

[Figure: W3Techs SSL certificate market share]

The stats are updated daily and are available on W3Techs.com.

Need Help Selecting A Certificate?

Let us help you select one for your site.

FTP sites will be marked Not Secure from Google Chrome 63
https://www.iwebz.net/index.php/google-chrome-63-ftp-sites-not-secure/
Tue, 19 Sep 2017 15:14:18 +0000

FTP sites will be marked as Not Secure with the release of Google Chrome 63 in December 2017.

That's the direction of the discussion at https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ

Although there have been plans to remove FTP support altogether, for now FTP sites will only be marked as Not Secure.

About FTP

FTP, or File Transfer Protocol, used with ftp:// requests, is a decades-old network protocol for transferring files between clients and servers. FTP does not encrypt traffic by default, making it susceptible to interception and manipulation by eavesdropping third parties.

FTP can be secured using SSL/TLS, which in turn creates FTPS. Unfortunately, FTPS is not widely supported in most browsers, including Chrome, due to its low usage rate.

What are FTP sites?

FTP sites are locations from which you can use your browser to download large files such as the latest Linux OS distribution, or third-party software for your operating system.

However, over time most software distribution services have moved to HTTPS downloads, and it is suggested that the rest do the same.

Chrome and Symantec – the Final “Trust” Solution
https://www.iwebz.net/index.php/chrome-symantec-final-trust-solution/
Mon, 31 Jul 2017 13:02:10 +0000

The Google Chrome team announced in March 2017 that it had a problem with Symantec for violating industry standards related to SSL certificate issuance. This has been discussed cooperatively over the last 4 months by Google, Symantec, and other members of the internet community. On 27th July 2017, Chrome and Symantec announced their final plan to move forward.

If you operate a website that uses a Symantec SSL certificate, please read this post to see if future versions of Chrome will affect your specific certificate and how you can replace that certificate (for free) before anything goes into effect.

Are you affected?

If you are a current user of Symantec certificates or plan to purchase one in 2017, this could affect you.

Because Symantec is a leading Certificate Authority, a large number of Symantec SSL certificates will be affected. Note that Symantec operates multiple brands, all of which are affected:

  • Symantec
  • GeoTrust
  • Thawte
  • RapidSSL

Also, note that Mozilla Firefox will be taking a similar course of action, but at this time they have not committed to a final plan.

What changes are expected in Google Chrome

The two stages of Chrome’s distrust, which serve as deadlines, are marked in RED to clearly show the difference between general information and actionable items.

October 24th, 2017
Chrome 62 will display a message in Developer Tools to help identify certificates which will be affected by distrust in Chrome 66. Visit your websites with the Developer Tools panel open – this will allow you to identify which websites will be affected by distrust in Chrome 66.

December 1st, 2017
A partnered Certificate Authority (CA) will begin issuing certificates for Symantec. As an end user, you may notice some small changes in the issuance process. From a technical standpoint, this date is significant because it marks the beginning of the “new” Symantec certificates. Certificates issued after this date will be issued from different roots and will not be affected by Chrome’s distrust.

April 17, 2018
All Symantec certificates issued before June 1st, 2016, will no longer be trusted by Chrome.
Certificates issued after June 1st, 2016 are not affected at all in this release. Replace any Symantec certificates issued before June 1st 2016 by this date. This can be done by reissuing your certificate for free from your provider and installing the new certificate in place of the old one. If your certificate expires around this time (April-June) you may want to consider renewing it, instead of reissuing, to avoid two replacements within a short time frame.

Oct 28th, 2018
All certificates issued by Symantec with their existing infrastructure will no longer be trusted by Chrome.
Starting in the stable version of Chrome 62, a message will be added to the Developer Tools panel when a certificate that will be distrusted in Chrome 66 is encountered. Developers can use this functionality to ensure they identify certificates on their websites that will be affected.

Our Recommended Plan of Action

To reduce the amount of disruption and effort required, we recommend the following action:

If your certificate expires BEFORE December 2017

We recommend you renew (instead of reissue) your certificates prior to December. This will allow you to have a trusted certificate in place through the holiday season up until Oct 2018 when all certificate files from Symantec’s existing roots will have an issue and need to be replaced on your website. Alternately, switch over to certificates from a different Certifying Authority (CA) such as Comodo to avoid any issues.

If your certificate expires DURING December

Symantec hopes to have their partner CA issuing certificates on December 1st (a Friday). If you can wait to reissue and replace your certificates until after this occurs, you will most likely not need to replace the certificate files on your website until their natural expiration date.

However, note that delays may occur which cause Symantec to miss the December 1st estimate, and there may be an unusually high volume of issuance at that time which could cause technical issues.

If that is the case and you are close to the expiration of your current certificate, you may risk outages. ‘Holiday freezes’ may also prevent you from replacing certificates during this month.

If you do need to replace your certificate before Symantec’s partner CA is ready to issue certificates, you will need to replace the certificate files again before Chrome 70’s release (expected late Oct 2018).

Alternately, you can switch over to certificates from a different CA such as Comodo to avoid any issues.

If your certificate expires AFTER December 31st, 2017

We recommend you wait to replace any of your certificates until Symantec’s partner CA begins issuing certificates (expected December 1st, 2017). After this date you can begin reissuing and replacing certificates as needed. This way you need to replace your certificate files only one time.

Certificates issued by Symantec’s partner CA will not be affected by Chrome’s changes and will not need to be replaced until their natural expiration.

Special Case: If your certificate was issued BEFORE June 1st, 2016 and expires AFTER April 17th, 2018

You fall into a special case. Your certificate must be reissued and files replaced BEFORE the release of Chrome 66, which is expected April 17th, 2018 in order to remain trusted in Chrome.

However, you should wait until after December 1st 2017 to reissue your certificates. On this date, Symantec’s partner CA will begin issuing certificates. By waiting until this date you will only need to replace your certificate one time.

If you reissue before Symantec’s partner CA is available, your certificate will come from one of Symantec’s current root certificates and will need to be replaced again before October 2018.

UPDATE: Mozilla Firefox will follow more or less the same timelines as Google Chrome.

 

Let’s Encrypt certificate or a commercial SSL – the final verdict
https://www.iwebz.net/index.php/lets-encrypt-versus-commercial-ssl/
Tue, 02 May 2017 08:07:26 +0000

Let's Encrypt background info

Introduced in 2016, Let's Encrypt is a free, open certificate authority (CA) that provides website owners with digital certificates for enabling HTTPS (SSL/TLS).

It was launched by the Internet Security Research Group (ISRG), a public-benefit organization sponsored by the Mozilla Foundation, the Electronic Frontier Foundation (EFF) and Cisco Systems, with the aim of making HTTPS encryption both affordable and user-friendly.

Their main goal is to create a more secure, privacy-driven web.

Ballot 193 – 3 Year Certificate Validity To Be Phased Out
https://www.iwebz.net/index.php/3-year-ssl-certificate-validity-phase-out/
Mon, 24 Apr 2017 06:26:55 +0000

The CA/B Forum approved Ballot 193, which will see reduced SSL certificate lifetimes, as the maximum decreases from three years to two years. This is being done to address the security and logistic issues inherent with long-life certificates.

Given that Ballot 193 will impact how certificates are deployed and managed, we wanted to put together a quick summary of how this will impact those who use (or plan on using) 3-year SSL certificates.

The simple takeaway:

Effective March 1st, 2018 all new SSL certificates will be restricted to a maximum of 825 days (2 years + 3 months renewal buffer). This also affects existing DV (Domain Validation) certificates. Prior to this date, CAs are allowed to issue 3-year certificates. Note that some may choose to discontinue these practices early.

Shorter-term certificates (1-year) are not affected by either of these changes.

If you have already purchased any certificate with 3-year validity with an expiry date after 1st April 2018, avoid requesting a certificate reissue after Feb 2018. If you do so your certificate will be truncated to 825 days validity and you will lose the difference permanently.

To make all of this easier to understand, we have created some scenarios and a description of how these new changes will affect you. More than one of these may (or could) affect you, so please skim all the scenarios:

You want to use 3-year certificates for minimal updates to all your servers.

You can get a new 3-year certificate up until March 2018. This will allow you to have a 3-year certificate in production until 2021, but ONLY if you do not reissue your certificate after March 2018 when the new maximums take effect.

As mentioned above, there are sometimes security vulnerabilities or other industry changes out of your control which may require you to reissue a certificate. In some cases, such as the SHA-1 migration, you can choose not to reissue your certificate if you are okay with degraded treatment in web browsers.

Note that in the past, CAs have chosen to stop issuing products prior to the industry-mandated deadlines. This could mean that due to Ballot 193 some CAs may choose to stop issuing 3-year certificates before March 2018. Plan to check in later this year and do not wait till the last minute assuming a 3-year certificate will be available. If this happens we will contact our existing customers to let them know. If you use another provider/CA, check with them to know what their planned policy is.

You have an existing 3-year certificate (issued before March 2018) that needs to be reissued after March 2018.

From a technical perspective, reissuing a certificate is the same as issuing a new certificate. This means that after March 2018, ALL newly issued certificates (including reissues) must have a maximum validity of 825 days.

When you reissue your existing certificate after March 2018 it will be truncated to 825 days to meet the new requirements and you will permanently ‘lose’ the difference.

You have a DV certificate

Starting March 2018, DV certificates will now be limited to 825 days. Prior to this date, you can continue to get a 3-year certificate. However please note that some CAs may choose to stop issuing 3-year certificates before March 2018.

When you reissue a DV certificate it is already common practice to re-validate domain ownership. This is a simple practice, which can be performed in a few minutes by setting up a DNS record, uploading a file to your server via FTP, or confirming an email.

You have an EV certificate

EV certificates are not affected by either of these changes. Because they meet the highest standards for identity, EV certificates are already limited to stricter maximums for both requirements.

EV certificates have a maximum of 27 months and validity information can only be reused for a maximum of 13 months. There are currently no planned reductions to these periods, however as the CA/B Forum institutes more security-conscious requirements, EV certificates may be restricted to one year.

At this time, we are not aware of any changes to Symantec or Comodo’s product lines due to Ballot 193. However, they may choose to discontinue 3-year certificates ahead of the industry-mandated deadline, or impose other changes to deal with this shift. If and when this happens, we will notify all our customers and be in contact with those whose active certificates are affected.

Reference: https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/

 

Free SSL Post-Install Server Assessment
https://www.iwebz.net/index.php/free-ssl-post-install-server-assessment/
Thu, 30 Mar 2017 15:39:55 +0000

Customers of getSSL by iWebz using the automated SSL certificate buying system now have a way of assessing how well they have set up their TLS/SSL certificate on their web server. We now provide the ability to use the Qualys SSL Labs server test from your getSSL Order Details page.

What is a server SSL test?

The server SSL test looks for incorrect SSL setup or weak encryption (ciphers) enabled on your web server. At the end of the test you will be presented with detailed results (see server SSL test results for getssl.in) with recommendations on how to rectify the identified issues, if any. Always target getting a grade of A+ or A. Anything lower means a risky web server SSL configuration.

Implement the recommendations and ensure your web server has the most secure setup with the TLS/SSL certificate you have purchased.

How can I use the server SSL test?

iWebz has provided a one-click server SSL test launcher link on the Order Details page. Click the link to launch the SSL installation assessment for your SSL-secured hostname (web server). This server SSL check is absolutely free of cost to you as a customer. Run this test on demand, an unlimited number of times!

[Screenshot: Order Details page for an Active order with the server SSL test link enabled]

In order to use this feature you need to complete the Domain Control Validation (DCV) check. Once you complete the validation, the order is marked Active, and the link will automatically be available as shown in the screenshot.

Updated April 18th, 2017: This link is now upgraded to run a multi-service full website security scan powered by Observatory by Mozilla. This also includes the previous server SSL test powered by Qualys SSL Labs. Now you can choose to consider only the SSL setup results or look at the complete security analysis of your website.

 

getSSL launches SSL Certificate Order Status via SMS for customers from India
https://www.iwebz.net/index.php/getssl-launches-ssl-certificate-order-status-via-sms/
Thu, 16 Feb 2017 15:43:13 +0000

Send SMS message to know your getSSL order status

Send an SMS with IWEBZ SSLORDER Order_Number to the mobile number 92205 92205 to know the current status of your SSL certificate order anytime* after Step 1 of the getSSL certificate order process. Standard SMS rates apply for India. This facility is only available for fresh certificate orders placed by customers from India after January 22nd, 2017.

For example, if you have paid for your order, and your order/invoice number is 14021717174045, then send IWEBZ SSLORDER 14021717174045 to 92205 92205 to know the order status.

If your number is on the DND list then you will not receive a response. You will need to first send the keywords IWEBZ START to the mobile number 92932 92932 to subscribe to this service before sending the order status request via SMS.

*This SMS service will only respond between 9am and 9pm.

iWebz℠ Can Help You Get SSL Certificates Fast & Cheap!

Our SSL certificate deals start as low as $6.75 per year!!

Due to our large-scale sourcing relationship from top global SSL brands such as COMODO, RapidSSL, GeoTrust and Thawte, you get the best SSL certificates at the best prices!

All certificates purchased via iWebz will have the best SHA2 256-bit security encryption with 2048-bit key length, and also improve your website's Google search result ranking.

HTTP To HTTPS In 15 Minutes For getSSL.in Customers
https://www.iwebz.net/index.php/http-to-https-in-15-minutes-for-getssl-in-customers/
Mon, 23 Jan 2017 15:25:59 +0000

Now you can enable HTTPS access for your website in 15 minutes flat!

The team at getSSL by iWebz℠ (www.getssl.in) has just introduced a completely automated order process for new SSL/TLS certificate orders.

The File-based and CNAME-based domain validations are also now available in addition to the Email-based method.

Certificate files can be downloaded in ZIP format immediately after the Domain Validation step is completed.

As a result of this development the following steps can now be completed in just a few minutes:

  • Online Order Payment - typically 2-3 minutes
  • Certificate Enrollment with CSR - typically 4-5 minutes
  • Domain Validation (DV) check - typically within 4-5 minutes of Email validation (recommended)/1 hour of File validation/4 hours of CNAME validation
  • Certificate Files Download - immediately available after DV check is successful

That's not all... Certificates can now be re-issued within minutes as well!

The certificate re-issue process will include a DV check if a new CSR is submitted; otherwise certificates will be re-issued and available for download within 5 minutes.

You can also request that certificates be re-issued an unlimited number of times before expiry of the certificate.

With the new order process we will provide the following benefits:

  • Fully online order process lets you control the speed of certificate generation.
  • Certificates can be downloaded within minutes of placing the order.
  • Certificate order status can now be tracked in real-time.
  • Certificate files can be downloaded on-demand any number of times.
  • Unlimited certificate re-issues on-demand within validity.
  • Lowest prices in India for Comodo, RapidSSL, Thawte, and GeoTrust certificates.
  • Payment accepted via Cards, Net Banking, UPI, and Digital Wallets.

Place an order for a Free SSL certificate* to practise certificate generation & installation, and try out the experience of ordering via getSSL.

Order Free SSL Certificate

*The Free SSL certificate is issued by RapidSSL and is issued only once per domain name.

 

iWebz.host Android mobile app launched
https://www.iwebz.net/index.php/iwebz-host-android-mobile-app-launched/
Sun, 25 Dec 2016 08:50:46 +0000

[Image: iWebz.host Android mobile app header]

Launched on Christmas day 2016, the team at iWebz℠ is happy to present to you our very first mobile app available for Android smartphones.

The Services tab in the app showcases all iWebz℠ services and acts as an interactive menu for information and service engagement.

The Updates tab is updated with the latest news & updates from iWebz℠ as they get posted on our blog.

The Contact tab lets you get in touch with the team at iWebz℠ for queries regarding any of our services.

To download the latest version of the iWebz.host Android mobile app on your smartphone scan the QR code shown above, or click the Download button in your mobile web browser.

DOWNLOAD

NOTE: The iWebz.host Android mobile app is only available via the link above.

 

Digital Wallet Payments Now Accepted – India Only
https://www.iwebz.net/index.php/digital-wallet-payments-now-accepted-india-only/
Fri, 11 Nov 2016 14:42:26 +0000

Wallet Payments For Indian Small Businessmen and Individuals

iWebz aims to enable small businesses and individuals with affordable web-based technologies. Payments via Cards & NetBanking were a pain point for several small businessmen & individuals as they needed details on-hand to make payments. We are glad to report that we now accept digital wallet payments from a variety of Indian service providers as listed below.

  • Freecharge
  • MobiKwik
  • Jio Money
  • Ola Money

UPDATE 16th Nov 2016: We have just been informed by our payment gateway vendor that PayTM wallet will no longer be supported.

Wallet Payments Made Easy

Making wallet payments in India is easy! Simply select Wallets as your payment source, then select the specific digital wallet to charge for your payment. Thereafter your payment will be processed via your selected option. All you need to do is log in to authorise the fund transfer. Currently there is a limit of ₹10,000 per month per digital wallet.


Wallet Payments Accepted Here

iWebz℠ now accepts wallet payments for India (only) for various products & services on the following websites:

 

GlobalSign Certificates Un-Trusted
https://www.iwebz.net/index.php/globalsign-certificates-un-trusted/
Fri, 14 Oct 2016 18:40:23 +0000

GlobalSign Certificates Revoked

Users around the world have had trouble accessing some HTTPS-based websites due to a certificate revocation testing error at GlobalSign. Websites affected included those of the Financial Times, Guardian, Wikipedia, and Dropbox.

Most sites these days are installing SSL/TLS certificates to benefit from various options afforded by HTTPS connections. However, websites secured by GlobalSign had the opposite experience thanks to a goof-up by the Certificate Authority.

globalsign error shows wikipedia insecure

The Goof-up...

GlobalSign inadvertently triggered the revocation of its intermediate certificates while updating a special cross-certificate. Some browsers and systems interpreted the revocation of that cross-certificate as also revoking the intermediate certificates that chained back to it. This broke the chain of trust and ultimately canceled SSL/TLS certificates issued to its customers.

It could take until the beginning of next week for the accidentally revoked certificates to be corrected, leaving visitors unable to easily read their favorite webpages. Sales at affected e-commerce websites using GlobalSign SSL/TLS certificates will also be badly impacted.

Are you affected?

The problem will not hit everyone due to the wide range of caching and revocation policies employed by different browsers, apps and other software. If your mobile app or web browser hasn't picked up the revocation yet, it should be fine.

GlobalSign has released a full incident report to provide full disclosure on the Certificate Revocation Issue.

Our SSL certificate deals start as low as $6.00 per year!!

Due to our large-scale sourcing relationship from top global SSL brands such as COMODO, RapidSSL, GeoTrust and Thawte, you get the best SSL certificates at the best prices!

All certificates purchased via iWebz will have the best SHA2 256-bit security encryption with 2048-bit key length, and also improve your website's Google search result ranking.


COMODO most popular SSL certificate brand amongst top 1mn websites https://www.iwebz.net/index.php/comodo-most-popular-ssl-top-1mn-websites/ Sat, 24 Sep 2016 20:26:43 +0000 https://www.iwebz.net/?p=1421 COMODO most popular SSL brand and comes out a clear winner with a 28% website share. GeoTrust comes in a distant second with a 12% share. GoDaddy is third with 7%. Lets Encrypt comes 5th and powers 5% of these websites. The top certificate authorities identified are as follows: Image courtesy Kenn White via Adam […]


COMODO is the most popular SSL brand, coming out a clear winner with a 28% website share. GeoTrust comes in a distant second with a 12% share. GoDaddy is third with 7%. Let’s Encrypt comes 5th and powers 5% of these websites.

The top certificate authorities identified are as follows:

comodo most popular ssl certificate

Image courtesy Kenn White via Adam Caudill

700,275 out of the top 1 million websites responded with an SSL/TLS certificate on port 443. The scanner attempted to connect to the domain on port 443, and if that failed, then attempted to connect to the “www” subdomain.

The scan was run with an eight second timeout. Any server that couldn’t complete a handshake within eight seconds wasn’t counted.

No certificate validation was performed. The scan didn’t attempt any other ports or subdomains.

Banned country list for SSL now includes Zimbabwe https://www.iwebz.net/index.php/zimbabwe-banned-country-list-ssl/ Tue, 20 Sep 2016 18:52:03 +0000 https://www.iwebz.net/?p=1400 Websites from Zimbabwe are now banned by the Certification Authority Browser forum from receiving Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV) SSL certificates. Countries are usually banned or restricted when the country is experiencing a period of political unrest and the security of information traveling in and out may be compromised by the […]


ssl connection not secure

Websites from Zimbabwe are now banned by the Certification Authority Browser forum from receiving Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV) SSL certificates.

Countries are usually banned or restricted when the country is experiencing a period of political unrest and the security of information traveling in and out may be compromised by the government or an outside entity.

The banned country list for SSL certificates comprises Afghanistan, Cote d’Ivoire, Cuba, Eritrea, Guinea, Iraq, Islamic Republic of Iran, Democratic People’s Republic of Korea, Liberia, Myanmar, Rwanda, Sudan, Sierra Leone, South Sudan, Syrian Arab Republic, and Zimbabwe.

The restrictions do not affect websites that already have SSL certificates, but any websites applying for new certificates are being denied.

 

Not Secure indicator for HTTP websites in Google Chrome https://www.iwebz.net/index.php/not-secure-http-websites-google-chrome/ Sat, 17 Sep 2016 13:12:59 +0000 https://www.iwebz.net/?p=1383 The release of Google Chrome 53 saw the first phase implemented in Google's long-term vision of HTTPS becoming an Internet standard. This comes on the back of a major milestone noted via Chrome browser usage. More than half of Chrome desktop page loads are now served over HTTPS. Not Secure treatment for HTTP For now, […]


The release of Google Chrome 53 saw the first phase implemented in Google's long-term vision of HTTPS becoming an Internet standard. This comes on the back of a major milestone noted via Chrome browser usage.

More than half of Chrome desktop page loads are now served over HTTPS.

Not Secure treatment for HTTP

For now, Chrome is marking all non-secure sites with an information radial that further explains a website has no encryption. This will go a step further starting in January of 2017 for websites with password or credit card fields.

chrome treatment of HTTP pages as not secure

Eventually, every single website without SSL will have a red warning symbol with "Not Secure" next to it within the Chrome environment.

HTTP websites not secure in Google Chrome

Click the link to hear it straight from Google.

Let’s Encrypt Free SSL Certificates – What You Need To Know https://www.iwebz.net/index.php/lets-encrypt-free-ssl-certificates-need-know/ Tue, 26 Apr 2016 07:06:34 +0000 https://www.iwebz.net/?p=870 About Let’s EncryptLet’s Encrypt is a new non-profit Certificate Authority (CA) sponsored and founded by industry advocates; such as, the Electronic Frontier Foundation (EFF), Mozilla, and the Internet Security Research Group (ISRG). Let’s Encrypt offers free SSL certificates. The key principles behind Let’s Encrypt are: Free: Anyone who owns a domain name can use Let’s […]


About Let’s Encrypt

Let’s Encrypt is a new non-profit Certificate Authority (CA) sponsored and founded by industry advocates such as the Electronic Frontier Foundation (EFF), Mozilla, and the Internet Security Research Group (ISRG). Let’s Encrypt offers free SSL certificates.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Let’s Encrypt Will Have Major Limitations

Unfortunately, Let’s Encrypt will have some very notable limitations due to their limited funding and infrastructure. Because they will only be offering free certificates, they will only be able to provide automated, basic encryption only/Domain Validated (DV) SSL certificates with no other frills that typically come with SSL certificates.

Other observations that undermine Let’s Encrypt

Since the SSL certificates are free of cost and open to anyone, malvertisers and other bad guys can get them for all their websites. This lets them encrypt data transferred to their servers making detection by good guys more difficult. This undermines the trust factor of Let's Encrypt and could lead to their certificates being derecognised in future.

Unlike brands that have been around for longer such as COMODO, Thawte, GeoTrust, Symantec, etc., Let's Encrypt intermediate CA certificates (required for recognising website certificates) are not available on older versions of operating systems such as Windows XP. Users on those systems will not have a secure connection and so will not transact.

Years of Experience Taught us That Users Need More than a Free Certificate

We have worked with many customers and if our experience has taught us anything, it’s that SSL can be confusing, and many people need help. Knowing what type of certificate you need and how you will get it successfully working on your network are the most common and most serious questions our customers have.

Let’s Encrypt’s one-size-fits-all approach isn’t perfect. A personal blog has different needs than a corporate homepage. We believe there is a perfect solution for everyone: personal attention and attentive support behind globally recognized brands. A free service cannot afford to give that to their non-paying customer.

Our Assessment of Let’s Encrypt

We do not think Let’s Encrypt should be a viable option for commercial use of any kind; you should continue to buy from established Certificate Authorities (CAs) such as Symantec, Comodo, GeoTrust, RapidSSL and Thawte, especially since basic encryption/Domain Validated (DV) certificates are available at extremely low and affordable rates and still carry a strong brand name recognized by most web users.

New GeoTrust & Thawte DV Wildcard SSL Certificates https://www.iwebz.net/index.php/new-dv-wildcard-ssl-certificates-geotrust-thawte/ Fri, 25 Mar 2016 11:40:42 +0000 https://www.iwebz.net/?p=783 GeoTrust & Thawte have introduced new DV Wildcard SSL certificates, and we are pleased to be amongst the first to make them available. What are DV Wildcard SSL certificates? These certificates are a type of DV SSL certificates which can be used with multiple websites or hostnames (subdomains) setup using a single top-level domain name. […]

GeoTrust & Thawte have introduced new DV Wildcard SSL certificates, and we are pleased to be amongst the first to make them available.

What are DV Wildcard SSL certificates?

wildcard ssl certificate example

These certificates are a type of DV SSL certificate which can be used with multiple websites or hostnames (subdomains) set up using a single top-level domain name.

For example, a wildcard SSL certificate for *.iwebz.net will protect www.iwebz.net and ssl.iwebz.net, but NOT www.getssl.in, which is set up on a different domain name.

Domain Validated (DV) or Standard SSL certificate is where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
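The *.iwebz.net example above can be checked mechanically. The following is an added example, not code from GeoTrust, Thawte or iWebz: it implements the usual simplified wildcard rule (the `*` stands for exactly one left-most label) and goes slightly beyond the text by also covering the bare domain and nested subdomains. The function names and the host `shop.eu.iwebz.net` are constructed for illustration.

```python
"""Wildcard certificate name matching (added example, simplified browser rules)."""


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Rules implemented:
      * comparison is case-insensitive and ignores one trailing dot
      * "*" is accepted only as the complete left-most label
      * "*" stands for exactly one label, never zero and never several
    Public-suffix checks (refusing "*.co.uk") are out of scope here.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    if "" in p_labels or "" in h_labels:
        return False                      # empty label: malformed name
    if not any("*" in label for label in p_labels):
        return p_labels == h_labels       # ordinary name: exact match only

    # The wildcard must be the whole first label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse patterns such as "*.net": require two fixed labels after the "*".
    if len(p_labels) < 3:
        return False
    # One hostname label is consumed by "*"; the rest must match exactly.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def coverage_report(pattern, hostnames):
    """Map each hostname to whether the certificate name covers it."""
    return {host: wildcard_matches(pattern, host) for host in hostnames}


# Hostnames from the post plus constructed edge cases.
SAMPLE_HOSTS = [
    "www.iwebz.net",      # covered (from the post)
    "ssl.iwebz.net",      # covered (from the post)
    "www.getssl.in",      # different domain (from the post)
    "iwebz.net",          # bare domain: "*" does not match zero labels
    "shop.eu.iwebz.net",  # constructed: "*" does not span two labels
]

if __name__ == "__main__":
    for host, ok in coverage_report("*.iwebz.net", SAMPLE_HOSTS).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

The two extra cases are the ones that usually surprise people: a wildcard certificate needs the bare domain listed separately, and it does not reach sub-subdomains.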

New DV Wildcard Certificates

GeoTrust’s new DV wildcard option is GeoTrust QuickSSL Premium Wildcard. It builds on GeoTrust’s already popular QuickSSL Premium certificate. It features a dynamic clickable site seal that displays time-stamped data to further add trust to a site.

Thawte’s new DV wildcard option is the Thawte SSL123 Wildcard. It builds on Thawte’s already popular SSL 123 certificate. This certificate also comes with a dynamic clickable Thawte site seal.

Who should use these SSL certificates?

These certificates are an ideal option for any business that has any number of sub-domains that need security, or that wants to future-proof its site for sub-domains that may come in the near future. Typical users of wildcard certificates are cloud-based hosted web services, mobile app developers, and enterprise public cloud setups.

Both these certificates offer a DYNAMIC Site Seal which can be displayed on your website. It features a time/date stamp that identifies your site as authentic and validated by a trusted 3rd party. This feature itself boosts customer trust in your website and is important for websites involved in e-commerce.

 

DROWN Attack – 33% HTTPS servers at risk https://www.iwebz.net/index.php/drown-attack-33-https-servers-risk/ Thu, 24 Mar 2016 19:12:55 +0000 https://www.iwebz.net/?p=776 DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption”Modern servers and clients use the Transport Layer Security (TLS) encryption protocol. However, due to misconfigurations, many servers also still support SSLv2, a 1990s-era predecessor to TLS. A DROWN attack is a cross-protocol attack that uses weaknesses in the SSLv2 implementation against TLS, and that can […]


DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption”

Websites, mail servers, and other TLS-dependent services are all at risk for this kind of attack, including many popular websites. It allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.

drown attack scenarios

Next Steps For Server Admins

Learn more and check if your servers are affected.

RC4 Cipher No Longer Supported https://www.iwebz.net/index.php/rc4-cipher-no-longer-supported/ Wed, 10 Feb 2016 12:39:56 +0000 https://www.iwebz.net/?p=699 Insecure RC4 Cipher Within the last month, major browsers have removed support for the RC4 Cipher, which was an encryption algorithm available for SSL connections. Academic research found that this cipher had serious design flaws which could allow attackers to decrypt information using the cipher. While remarkable for its simplicity and speed in software, multiple […]

Insecure RC4 Cipher

Within the last month, major browsers have removed support for the RC4 Cipher, which was an encryption algorithm available for SSL connections.

Academic research found that this cipher had serious design flaws which could allow attackers to decrypt information using the cipher.

While remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. The most important weakness of RC4 comes from the insufficient key schedule; the first bytes of output reveal information about the key.

Support dropped

Support for RC4 was officially dropped with Chrome v48 and Firefox v44, both released in late January. Microsoft’s Edge browser and IE11 will also be dropping support for the cipher.

In Chrome, if an SSL connection is attempted with RC4, a non-bypassable error will be displayed. This will entirely prevent users from accessing such sites.

To see how this error will look to users, visit rc4.badssl.com in your browser(s). Data suggests that less than 10% of sites prioritize the RC4 cipher in modern browsers.

 

New PCI Standard: Disable SSL 3.0 & TLS 1.0 by June 2016 https://www.iwebz.net/index.php/new-pci-standard-disable-ssl-3-0-tls-1-0-by-june-2016/ Sun, 21 Jun 2015 12:47:11 +0000 https://www.iwebz.net/?p=523 New guidelines dictating the requirements for PCI Compliance, version 3.1 of PCI Data Security Standards (PCI DSS), were released in April. These guidelines must be followed for all companies who take payments over the Internet. A key part of the new PCI DSS are stricter requirements around the use of TLS (SSL). PCI DSS v3.1 […]

PCI DSS 3.1 SSL TLS

Image courtesy Security Metrics blog

New guidelines dictating the requirements for PCI Compliance, version 3.1 of PCI Data Security Standards (PCI DSS), were released in April. These guidelines must be followed for all companies who take payments over the Internet. A key part of the new PCI DSS are stricter requirements around the use of TLS (SSL).

PCI DSS v3.1 states that SSL 3.0 and TLS 1.0 “can no longer be used as a security control after June 30th, 2016.” This means that disabling these protocol versions is required in order to be compliant with handling sensitive cardholder data.

Any time we discuss protocols, we like to remind our readers that the true name of the modern protocol is Transport Layer Security (TLS), not SSL. The most recent version of the protocol is TLS 1.2, and the last version to be released under the name “SSL” was SSL 3.0, way back in 1996.

After the POODLE attack discovered late last year, SSL 3.0 was effectively retired. The newest versions of most modern browsers no longer support SSL 3.0, and everyone should check their servers to make sure they have disabled support for that insecure protocol.

Disabling protocol versions is easy – once you locate where your server stores the configuration settings for SSL, it takes less than a few minutes to update. The hard part of meeting these requirements will be to make a risk assessment of your user base to determine if removing TLS 1.0 support will be problematic.

Remember that PCI DSS dictates technical requirements and procedures for servers that are directly handling user payment information, personal records, and administrative access. So if you do not take payments directly – but instead use a provider such as Paypal, Authorize.net, or Square, you may not have to be PCI Compliant. For companies who do handle payments directly, it’s not necessarily required to make these changes network wide. For many networks and companies this will ease compliance.

So, if you are affected by these changes, how much time do you have?

The deadline for ending support for SSL 3.0 and TLS 1.0 is June 30th, 2016, just about a year from now. However this comes with some caveats. “Effective immediately, new implementations must not use SSL or [TLS 1.1],” and existing implementations must have a “formal Risk Mitigation and Migration Plan in place.”

So while the hard deadline on abandoning these old SSL protocols is about 12 months away, the easiest option will be to migrate from these protocol versions now.

The PCI Security Standards Council suggests you only support TLS 1.2 for optimal configuration. This is because all protocol versions except for TLS 1.2 are vulnerable, though you may find users’ devices do not support this version, so for practical purposes this may not be possible. If you do keep TLS 1.1 enabled, make sure you optimize your configuration to avoid potential security flaws.
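To find the servers that still need this change, the protocol directives can be audited in bulk. The script below is an added example, not from the PCI Council or from this blog: it reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and flags any that still enable SSL 3.0 or TLS 1.0. The sample configuration is constructed, the function names are hypothetical, and the expansion of Apache's `all` shortcut and the handling of bare tokens are assumptions to confirm against your server version.

```python
"""Audit TLS protocol directives against the PCI DSS v3.1 rule (added example)."""

# SSL 3.0 and TLS 1.0 are the versions the post says must be disabled;
# SSL 2.0 is older still, so it is flagged as well.
BANNED = {"SSLv2", "SSLv3", "TLSv1"}
CANON = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1",
         "tlsv1.1": "TLSv1.1", "tlsv1.2": "TLSv1.2"}
# Assumption: what Apache's "all" shortcut expands to. It varies with the
# Apache/OpenSSL build, so confirm it for the version you run.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}


def enabled_protocols(line):
    """Return the protocols a directive enables, or None for any other line."""
    parts = line.split("#", 1)[0].replace(";", " ").split()
    if len(parts) < 2:
        return None
    directive, tokens = parts[0].lower(), parts[1:]
    if directive == "ssl_protocols":          # nginx: a plain list of versions
        return {CANON[t.lower()] for t in tokens if t.lower() in CANON}
    if directive == "sslprotocol":            # Apache: all, +X, -X or bare X
        enabled = set()
        for tok in tokens:
            sign = tok[0] if tok[0] in "+-" else ""
            name = tok.lstrip("+-").lower()
            if name == "all":
                names = set(APACHE_ALL)
            else:
                names = {CANON[name]} if name in CANON else set()
            if sign == "-":
                enabled -= names
            elif sign == "+":
                enabled |= names
            else:
                enabled = names               # assumption: a bare token replaces the set
        return enabled
    return None


def audit(config_text):
    """Return (line number, verdict, banned protocols) for every directive found."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        enabled = enabled_protocols(line)
        if enabled is None:
            continue
        banned = sorted(enabled & BANNED)
        if banned:
            verdict = "early-tls"             # must change before the deadline
        elif enabled == {"TLSv1.2"}:
            verdict = "tls1.2-only"           # the Council's suggested setting
        elif enabled:
            verdict = "ok"
        else:
            verdict = "unknown"               # nothing recognised: review by hand
        findings.append((lineno, verdict, banned))
    return findings


# Constructed sample: directives as they might appear on four different hosts.
SAMPLE = """\
# constructed sample
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.1 +TLSv1.2
"""

if __name__ == "__main__":
    for lineno, verdict, banned in audit(SAMPLE):
        print(f"line {lineno}: {verdict} {', '.join(banned)}")
```

Note the third sample line: removing only SSLv3 after POODLE still leaves TLS 1.0 enabled, which is exactly the case the June 2016 deadline targets.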

If you or your clients handle user data which requires PCI compliance, you will want to consult directly with their new PCI DSS v3.1 Standards, available here:
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf

A summary of the changes specifically affecting SSL are available here:
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf

 

Thawte SGC SuperCerts Discontinued https://www.iwebz.net/index.php/thawte-sgc-supercerts-discontinued/ Fri, 27 Mar 2015 08:50:18 +0000 http://www.iwebz.net/?p=432 Effective immediately, per the direction of Thawte, we have ceased all new orders of the Thawte SGC SuperCert. Instead we’d recommend looking into the other comparable certificates listed below. Thawte Thawte SSL Webserver Thawte SSL Webserver EV* Symantec Symantec Secure Site Symantec Secure Site with EV* Server Gated Cryptography (SGC) SSL Certificates These SSL certificates […]

Effective immediately, per the direction of Thawte, we have ceased all new orders of the Thawte SGC SuperCert.

Instead we’d recommend looking into the other comparable certificates listed below.

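Thawte

  • Thawte SSL Webserver
  • Thawte SSL Webserver EV*

Symantec

  • Symantec Secure Site
  • Symantec Secure Site with EV*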

Server Gated Cryptography (SGC) SSL Certificates

These SSL certificates enabled older browsers to connect to websites using 128-bit encryption even if the normal browser encryption rate was 40-bit. At one time this seemed to provide a great advantage to many websites.

Today, SGC certificates are widely considered to be obsolete, as browsers requiring enhanced encryption capabilities are all but extinct, and many parties contend that facilitating the use of older, insecure browsers creates more security concerns than it remedies.

However, if you know you absolutely still need SGC, the below certificate from Comodo is available as an alternative.

Comodo

All of the above certificates listed are great alternatives to the Thawte SGC SuperCert. If you’re still uncertain about which certificate is right for you, please feel free to get in touch with us and our SSL experts will be glad to assist you in finding the right certificate.

Note: If you currently have an existing Thawte SGC SuperCert that has been issued, the certificate will continue to secure your website until the expiration date of the certificate.

*If you have qualified for a Thawte OV certificate in the past, like the SGC SuperCert, it’s likely that you can qualify for an EV certificate and get the green address bar as well. With the premium Symantec brand, you also get fantastic ROI potential with the trusted Norton Secure Seal.

For future purchases and renewals, we would recommend the Thawte SSL Webserver certificate as a comparable option.

The “Poodle” SSL Bug https://www.iwebz.net/index.php/poodle-ssl-bug/ Wed, 15 Oct 2014 18:12:41 +0000 http://www.iwebz.net/?p=279 Just a few months after the Heartbleed bug shattered the believed-to-be-secure SSL/TLS encryption layer status quo and put data transfers, emails, instant messages, etc. at risk, a new SSL vulnerability has been brought to light by Google experts. According to Google researchers, a weakness in the SSL 3.0 protocol could be used to eavesdrop critical […]


Just a few months after the Heartbleed bug shattered the believed-to-be-secure SSL/TLS encryption layer status quo and put data transfers, emails, instant messages, etc. at risk, a new SSL vulnerability has been brought to light by Google experts.

According to Google researchers, a weakness in the SSL 3.0 protocol could be used to eavesdrop critical data that is transferred over an encrypted connection between web browsers, apps, etc. and servers.

The ‘new’ bug is called POODLE – an acronym for Padding Oracle On Downgraded Legacy Encryption.

The mechanism of the POODLE attack

The newly discovered POODLE exploit poses a great threat to online security, since it affects an old SSL version, which is still widely used by the majority of servers and clients.

It allows hackers to outsmart a web client by telling it that the server does not support the more secure TLS (Transport Layer Security) protocol, so the client is forced to connect via SSL 3.0.

This downgrade maneuver opens the door of abuse and attackers can freely decrypt secure HTTP data and steal the protected information.

Measures taken against POODLE attacks

With the discovery of POODLE, the security specialists at Google instantly recommended measures for dealing with this encryption issue.

First and foremost, the SSL 3.0 protocol needs to be disabled for both participants in the SSL communication – the server and the client, and they need to default to the more secure TLS. This will stop attackers from forcing the communication to go through the exploited SSL 3.0.

Server-side measures:

In response to the Google team’s recommendation, our web hosting servers no longer support SSL 3.0 and older versions of the protocol. Also, our admins have set the minimum SSL requirement to the provenly secure TLS 1.0.

NOTE: As a result, an Internet Explorer browser whose version is 6.0 or older will not be able to access websites hosted on our servers.

Client-side measures:

As far as web clients are concerned, Google specialists recommend that end users immediately disable SSL 3.0 support in their browsers, if such exists.

In response to the issue, Google plans to remove SSL 3.0 support completely from all its products in the upcoming months. Currently, they even offer a Chromium patch, which disables the SSL 3.0 fallback.

Mozilla has also announced plans to turn off SSL 3.0 in Firefox and it will be disabled by default in Firefox 34, which will be released in November. They also offer code for disabling the protocol, which is now available via Nightly. Also, you can use the SSL Version Control add-on for Firefox.

Here you can find detailed instructions on how to disable the use of SSLv3 for the most common browsers and operating systems: https://zmap.io/sslv3/browsers.html

Upcoming actions against POODLE attacks

To further secure our system against future downgrade attacks, our admins are also planning to implement TLS_FALLBACK_SCSV (Transport Layer Security Signalling Cipher Suite Value) on all our servers shortly. We’ll keep you posted.
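How TLS_FALLBACK_SCSV and the SSL 3.0 switch-off each stop the downgrade can be seen in a small simulation. This is an added example, not code from Google or from our servers: it models only the version negotiation described above, with no real network traffic or cryptography, and the function names and the `drop_above` knob are hypothetical. The signalling suite value 0x5600 and alert 86 (inappropriate_fallback) are taken from RFC 7507.

```python
"""Simulation of the TLS_FALLBACK_SCSV downgrade check (added example, no network I/O)."""

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
NAMES = {SSL3: "SSL 3.0", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}
TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86         # fatal alert: server detected a downgraded retry
PROTOCOL_VERSION = 70               # fatal alert: offered version is not supported
ORDINARY_SUITES = [0xC02F, 0x002F]  # real suite ids; their values do not matter here
ALL_VERSIONS = [SSL3, TLS10, TLS11, TLS12]


def server_respond(hello, server_min, server_max, honors_scsv):
    """Server side: refuse a fallback retry when a better version was possible."""
    if honors_scsv and TLS_FALLBACK_SCSV in hello["suites"] and hello["version"] < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    if hello["version"] < server_min:
        return ("alert", PROTOCOL_VERSION)
    return ("hello", min(hello["version"], server_max))


def make_path(server_min, server_max, honors_scsv, drop_above=None):
    """Model the path to the server. `drop_above` makes every handshake above
    that version fail, which is the interference the post describes."""
    def send(hello):
        if drop_above is not None and hello["version"] > drop_above:
            return None                       # handshake never completes
        return server_respond(hello, server_min, server_max, honors_scsv)
    return send


def client_connect(versions, send, sends_scsv):
    """Legacy fallback behaviour: retry one version lower after each failure."""
    best = max(versions)
    for version in sorted(versions, reverse=True):
        suites = list(ORDINARY_SUITES)
        if sends_scsv and version < best:
            suites.append(TLS_FALLBACK_SCSV)  # marks this hello as a fallback retry
        reply = send({"version": version, "suites": suites})
        if reply is None:
            continue                          # no answer: fall back and retry
        kind, value = reply
        if kind == "hello":
            return ("connected", NAMES[value])
        return ("aborted", value)             # a fatal alert ends the retries
    return ("failed", None)


def run_scenarios():
    """Outcome of each configuration; every client supports SSL 3.0 to TLS 1.2."""
    return {
        "clean path": client_connect(
            ALL_VERSIONS, make_path(SSL3, TLS12, True), True),
        "interference, no SCSV": client_connect(
            ALL_VERSIONS, make_path(SSL3, TLS12, False, drop_above=SSL3), False),
        "interference, SCSV on both sides": client_connect(
            ALL_VERSIONS, make_path(SSL3, TLS12, True, drop_above=SSL3), True),
        "interference, SSL 3.0 disabled on server": client_connect(
            ALL_VERSIONS, make_path(TLS10, TLS12, False, drop_above=SSL3), False),
        "TLS 1.0-only server, SCSV client": client_connect(
            ALL_VERSIONS, make_path(TLS10, TLS10, True), True),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:42} {outcome}")
```

The last scenario shows why the signal is safe to deploy: a server that genuinely tops out at an older version still connects, because the client's first hello carries no fallback marker.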

 
