Melih Abdulhayoglu’s Blog | Insights on Cybersecurity

We are in web sites where we were in 90s for computers! It was a new concept to protect your PC with antivirus products in the 90s.  Now its the norm. Websites and webhosting is where computers were in 90s…still unprotected….still getting hacked and infected…. Today there is a healthy market of selling “malware cleaning” […]

One of the most harmful aspects of DV certificates is giving false sense of security to anyone entering their user names and passwords…the “Form Fields” on websites. When someone enters their private information on a specific website, they think and intend only for that specific website to receive it. The user thinks they are making […]

Ryan Hurst of Google, who I  agree with in majority of the cases, have put this post where he rightfully argued about the work that needs to be done to make EV certificates more relevant. I couldn’t agree more! He is spot on when it comes to problems with EV and he has my 100% support […]

Sometimes people fight over same things, because they define them differently. Cybersecurity, cryptography has come a long way where we use ciphers to protect data and enable encryption. But all these terms are still maturing. That’s why I am writing this blog…..to put a definition to these terms…. Cryptography: This term is made up of […]

Background: There is a type of certificate called DV certificate. These certificates have a positive security indicator, like a Padlock or “Secure” indicator. Here is an example of a DV certificate enjoying a security indicator..a green “Secure” with a padlock. Problem: As you probably have noticed, this is not a PayPal site. Its a phishing […]

And yes, 85 million plus endpoints are immune to ransomware attacks….proof!!!!! Recent attack that wrecked havoc in Europe is attributed to a ransomware called Wcry (WannaCry). Problem: Solution to prevent any Ransomware exists, people are unaware of the solution. How does Ransomware WannaCry work?: Once on user computer it wants to: 1)Read all your data […]

Here we are conversing with Ryan at Google, I must admit this has been a very healthy discussion where opinions are expressed and ideas are shared…..and few blogs later we arrive at crossroads…… -Do we (as the computer industry) accelerate investment (I say accelerate as there is already a momentum) in automation…. OR -Do we […]

We continue to exchange ideas, information and photos… And here is my latest response to the latest response First of all, the author is unaware that my company has built the most sophisticated Certificate Management system that can automatically request, issue, renew and manage the whole lifecycle of the certificate. Many Fortune 500 companies rely […]

My response to a recent blog has resulted in a quick response that I feel obliged to respond. First of all, the positive: Agreement on the need to invest on a new revocation infrastructure. “Basically, I see the value in revocation checking and think the investments need to be made to make it work and […]

Some in the industry have responded to my post about the need for the revocation infrastructure. They put forward an argument defending the need for short lived certificates by saying: “the main reason for them is to address the issue of key compromise“.  They followed it by “The most important thing to keep in mind […]