Security Researchers Lose Faith in HTTP Public Key Pinning

1 September 2017

A few years ago, Google security engineers proposed a method for webmasters to protect their users from hackers who might try to impersonate HTTPS websites by using fraudulently obtained SSL certificates. The security mechanism, known as HTTP Public Key Pinning (HPKP) or certificate pinning, is now an internet standard, but some security researchers are having second thoughts about its efficiency.

Read full news article on The New Stack

Date:

1 September 2017

Categorie(s):

NEWS

Tag(s):

Analysis, Certificate Authority, Certificate Transparency, Global, HTTPS, Man-In-The-Middle Attacks, Pinning, SSL, TLS

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks28 April 2024
Good Security Is About Iteration, Not Perfection.28 April 2024
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 202428 April 2024
Security budgets are growing, but so is vendor sprawl27 April 2024
The Top 5 Benefits Of Using Outsourcing Services27 April 2024