While we have to use certificates, most applications will create a self-signed certificate. This is not a good practice at all, however. When do you decide to use a certificate authority (CA) server on your own network?

This is a complicated question, but I will share some points that I have learned along the road about when it makes sense to install a local certificate authority. In many situations, people deploy the Windows Active Directory Certificate Services role. Having centralized management with Group Policy is a requirement to scale the reach of the policies to many users and computers. One trick is to deploy certificates through Group Policy, which is especially helpful with device certificates.

New technology performs calculations on encrypted data without decrypting it

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme.

Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attacks.

LAS VEGAS — A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers.

Our ears may have built-in passwords

The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms.

The OpenSSL Project has released new versions of its popular implementation of the SSL v2/v3 and TLS protocols to fix three security vulnerabilities.

According to an advisory from the open-source group, the toolkit update fixes three security flaws that carry “moderate severity” ratings.