I don’t know what people of the future will think when someone mentions the year 2017, but for me, it was the year of cybersecurity. It was the first year I felt that cybersecurity got the attention that experts had been trying so hard to give it years prior – not necessarily in the way they wanted it but that’s another story.
The news in 2017 was filled with cyber-attacks and privacy was a main concern. Businesses have started to see the need for securing their networks, some maybe too late, and the cost of a cyber-attack has soared with consumers finding it difficult to trust a company after an attack. This year has been filled with cyber-turmoil and triumph; GlobalSign and many other tech companies have been working hard to keep people informed and secure.
We have aimed to bring you at least eight blog articles a month that notify, fascinate and inspire everyone from consumers and business owners to cybersecurity experts themselves. Without further ado, I would like to share the top 10 blog posts we published last year just in case you missed them.
In at number one is our guide to HSTS written by guest blogger Denver Prophit Junior. Denver has been working in secure website hosting since 2005 and is an open source software evangelist. His blog has helped many website owners protect their users from hacking.
The truth is, SSL Certificates are not enough. You might be relying on 301 redirects to move your HTTP website over to HTTPS, but a hacker can intercept this. A website that truly enforces HTTPS does so with HTTP Strict Transport Security, or HSTS. Denver shows you how to set up this server directive and force all connections to happen over HTTPS.
Just some of the big names that have been involved in a man-in-the-middle attack this year: Amazon AWS, Popcorn Time, Lenovo, Apple, WhatsApp, WordPress, Xbox and Windows DNS.
Man-in-the-middle attacks can happen everywhere, from your mobile device to your website, and they are only increasing. In this blog, GlobalSigner Ricky Publico explains how the attack works and how you can prevent one from happening to you.
In early 2017, Chrome allowed you to click on the padlock and instantly view the details of an SSL Certificate…until they released an update that hid those SSL Certificate details in the developer panel just a couple of extra clicks away. A couple of clicks might not seem like many but it was enough to really confuse people. Recently, Chrome decided to change it back so that you can find the certificate information by clicking on the padlock. Confused much?
With browsers constantly changing how certificates are viewed, we thought it would be prudent to share a guide so you always know what the latest method is. We have created this guide, not just for Chrome, but for the other browsers too. Being the third most popular blog of 2017 must mean that people have been as confused as us on this one!
In 2016, we wrote a blog and shared a video that showed exactly how a hacker can create and send emails from a fake email address. We said it before and we will say it again: there is no way to know an email is real or fake. S/MIME is a great way to help combat this.
With an S/MIME Certificate, you can start digitally signing and encrypting your emails. Signing them helps the receiver verify your identity, while encrypting them keeps the contents locked down until they are received by your intended receiver (who also has been verified with an S/MIME Certificate). Most desktop email clients support S/MIME, so we suggest you start looking at using it within your business to protect sensitive information from falling into the wrong hands and to help employees differentiate legitimate emails from imposters.
Another guest blog, this time one from Pickaweb’s Co-Founder, Tony Messer. Tony is an expert in websites and web hosting and wanted to show you how you can find out if your website is being used to spread malware.
It’s a common misconception to think that a hacker normally defaces a website or creates their own phishing site; they can also use your website to distribute malware without you knowing anything about it! Tony shows you how you can scan for malware and what steps you can take to remove it if you find it.
Hopefully you haven’t yet been duped by a phishing website. But if you have, you know that it’s not that difficult since many phishing sites are very sophisticated and look almost exactly like the sites they pretend to be.
Using a homograph attack and other means, a hacker can purchase a domain that looks almost exactly like the site they are copying, they can secure it with a free DV SSL Certificate and they can use a combination of other techniques to get the website in front of the average consumer long enough to convince them to put in their credentials.
An example of a common scam is a PayPal email claiming that something is wrong with a payment or your account and asking you to log in. When you click the link to log in, you are taken to a phishing site and once you enter your credentials, the hackers can access your PayPal account and make purchases from it. Arm yourself with our tips for spotting fake websites in our sixth most popular post.
I have seen many common name mismatch errors in my time and it got me thinking, should we write something about it? So I enlisted the help of our Client Services Global Support Manager, Linus Hallberg, to create a blog that would not only explain why the error is happening, but also how to fix it.
On Chrome, the error is displayed as NET::ERR_CERT_COMMON_NAME_INVALID and it happens when the name listed in the CN field on your SSL Certificate is not the same as the name in the address bar of the browser. This can happen for a number of reasons, so if you (or anyone you know) are having this problem, this blog should help you troubleshoot.
At London’s Cloud Security Expo 2017, our Senior Sales Engineer, Govind Yadav, stood on stage and spoke about cryptographic key storage. This topic was very popular and he was keen to use the blog as a stage to expand on this idea. Commonly, people buy a digital certificate, install it and put it to good use, but once it’s installed, storage of cryptographic keys is forgotten.
Let’s not forget that if a hacker gets hold of your key, your certificates are rendered useless, and if you lose your key, it cannot be recovered since CAs like us do not keep them ourselves. If you use digital certificates, you should definitely check out our tips on keeping your keys safe and secure in this post.
In many regulated industries, it is important to keep a record of documents going in and out of the business for legal purposes. If, for example, a customer starts a legal battle with your business over a contractual agreement, it is often helpful to have a record of when the agreement was digitally created, altered, signed and so forth. This is known as timestamping and often works hand in hand with Digital Signatures and code signing.
Timestamping is a fairly technical process so we take some time to explain it in this post.
In at number ten is our blog on Certificate Signing Requests or CSRs. Every time you order a digital certificate from a CA, a CSR is required to create and issue the certificate. Most first timers will not have heard of a CSR or know how to generate one, which is why we created this post.
We look at a CSR in more detail and share a link to our support articles explaining how to create one in each type of server or environment.
What’s In Store for Next Year?
It has been a crazy year for cybersecurity and perhaps next year will be even more crazy. But that won’t stop us from creating content to help you understand public key infrastructure and the ever-evolving world of cybersecurity in general, to help secure every environment and endpoint you have.
We are constantly brainstorming new blogs to share with you but if you have something you would like us to create, we welcome you to tell us on our Twitter. And if you’d like to stay in touch with our blog, feel free to subscribe and get our blogs straight in your inbox.