TweakTown

iOS contained security flaw that failed to validate SSL

Apple quietly provided iOS 7.0.6 update to fix a vulnerability issue in an SSL connection verification. Many security experts concluded that there's a major security flaw found in the OS. End users ...
Threat Post

Renewed Attention on Android Apps Failing SSL Validation

CERT researcher Will Dormann presented an update on his research looking at Android apps that fail to validate SSL; Google meanwhile, says it will get stricter with enforcement. SAN FRANCISCO – ...
Threat Post

CERT/CC Enumerates Android App SSL Validation Failures

The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS. A growing ...
Bleeping Computer

qBittorrent fixes flaw exposing users to MitM attacks for 14 years

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the ...
Network World

GoDaddy revokes nearly 9,000 SSL certificates issued without proper validation

GoDaddy, one of the world’s largest domain registrars and certificate authorities, revoked almost 9,000 SSL certificates this week after it learned that its domain validation system has had a serious ...
CSOonline

Researchers propose TLS extension to detect rogue SSL certificates

A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently-issued SSL certificates. Called TACK ...