Chrome will distrust CA certificates from Entrust later this year
Google will stop trusting Entrust CA certificates from November 1, citing compliance failures. Websites using Entrust certs, like moneygram.com and ey.com, must switch to a new CA to avoid security warnings. Enterprise customers can still trust Entrust.
Read original article
Chrome will no longer trust CA certificates from Entrust starting November 1, due to a history of compliance failures and lack of progress in addressing issues. Websites like moneygram.com and ey.com currently using Entrust certificates will trigger a security warning for users. Website owners must transition to a new CA before the deadline if their certificates are issued by Entrust. Google advises website owners to act promptly, while enterprise customers can choose to continue trusting Entrust. Google may implement similar actions across its products in the future. Detailed information and a FAQ are available on Google's roadmap.
Related
BeyondCorp (2014)
Google's BeyondCorp approach rethinks enterprise security by moving away from traditional perimeter security to enhance protection in the changing tech environment. Visit the link for more details on this innovative strategy.
More Memory Safety for Let's Encrypt: Deploying ntpd-rs
Let's Encrypt enhances memory safety with ntpd-rs, a secure NTP implementation, part of the Prossimo project. Transitioning to memory-safe alternatives aligns with broader security goals, supported by community and sponsorships.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Cloudflare automatically fixes Polyfill.io for free sites
Cloudflare replaces polyfill.io links with their mirror under cdnjs to enhance Internet safety, addressing concerns of malicious code injection. Users urged to switch to Cloudflare's mirror for improved security.
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.
2 commentsRelated
BeyondCorp (2014)
Google's BeyondCorp approach rethinks enterprise security by moving away from traditional perimeter security to enhance protection in the changing tech environment. Visit the link for more details on this innovative strategy.
More Memory Safety for Let's Encrypt: Deploying ntpd-rs
Let's Encrypt enhances memory safety with ntpd-rs, a secure NTP implementation, part of the Prossimo project. Transitioning to memory-safe alternatives aligns with broader security goals, supported by community and sponsorships.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Cloudflare automatically fixes Polyfill.io for free sites
Cloudflare replaces polyfill.io links with their mirror under cdnjs to enhance Internet safety, addressing concerns of malicious code injection. Users urged to switch to Cloudflare's mirror for improved security.
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.