
Root Causes: A PKI and Security Podcast

Technology Business Science

Episodes

Showing 401-500 of 642

Root Causes 209: One-Day Deployment of Certificate Lifecycle Management (CLM) Platforms

28 Feb 2022

Contributed by Lukas

For any Certificate Lifecycle Management platform to succeed, effective deployment is essential. Our hosts are joined by Sectigo SVP of Global Sales J...

Root Causes 208: Automotive Information Systems Bricked by HD Radio Error

24 Feb 2022

Contributed by Lukas

A major automobile manufacturer recently had a problem where its infotainment systems were permanently "bricked" by a flaw in local HD radio broadcast...

Root Causes 207: Former Gartner Analyst David Mahdi Jumps on the Playing Field

21 Feb 2022

Contributed by Lukas

Gartner analyst David Mahdi recently left the analyst space for Sectigo. In this episode he joins our hosts to explain the reasons for his optimism ab...

Root Causes 206: What Is Web3?

13 Feb 2022

Contributed by Lukas

Web3 refers to the concept that online content can be attributed to specific known publishers, regardless of web site or online channel. In this episo...

Root Causes 205: Anatomy of an Encrypted Peer-to-Peer Mesh Network

09 Feb 2022

Contributed by Lukas

Secure online collaboration poses logistical and technical challenges under the best of circumstances. Now imagine you have no designated IT staff, n...

Root Causes 204: PKI's Role in Passwordless

02 Feb 2022

Contributed by Lukas

In previous episodes we have defined passwordless identity authentication. In this episode our hosts explain PKI's specific role in passwordless authe...

Root Causes 203: What Is a Credential Vault?

31 Jan 2022

Contributed by Lukas

Credential vaults are necessary for secure and functional secrets management for automated systems like DevOps or Robotic Process Automation (RPA). Th...

Root Causes 202: What Is Certificate Transparency?

27 Jan 2022

Contributed by Lukas

Certificate Transparency (CT) is essential to monitoring the public SSL certificates that are issued. In this episode we explain what CT logs are, how...

Root Causes 201: What Are the Baseline Requirements?

24 Jan 2022

Contributed by Lukas

The CA/Browser Forum Baseline Requirements (BR) are hugely influential in the world of public-trust certificates. In this episode we explain what the ...

Root Causes 200: Why Not to Copy and Paste Commands from Web Pages

19 Jan 2022

Contributed by Lukas

This episode describes newly revealed vulnerabilities where copying and pasting text from a web page can open the site visitor up to attack. Our hosts...

Root Causes 199: What Is Privileged Access Management?

13 Jan 2022

Contributed by Lukas

In this episode we explain Privileged Access Management (PAM). We go on to explain some of the ways that networks using these techniques are still vul...

Root Causes 198: Deep Voice Fakes

11 Jan 2022

Contributed by Lukas

We are all familiar with phishing in its various forms. Many people feel that they can protect themselves from fraud by verbally confirming apparent c...

Root Causes 197: Tim's Digital Haircut

07 Jan 2022

Contributed by Lukas

In this episode our hosts describe the extreme degree to which all business has become digital business, even the most offline businesses you can thin...

Root Causes 196: What Is Certificate Agnostic?

03 Jan 2022

Contributed by Lukas

In 2021 the certificate industry saw the emergence of the concept of "CA agnostic." However, that is only part of the story. In this episode our hos...

Root Causes 195: iOS App Privacy Audits

27 Dec 2021

Contributed by Lukas

The latest update of iOS includes new capabilities for app privacy auditing and permissions. Our hosts explain the controls available on iOS and Andro...

Root Causes 194: Crypto Versus Cryptocurrency

20 Dec 2021

Contributed by Lukas

Exploding interest in cryptocurrency has caused the word crypto to take on new meanings that were not part of the public dialog even a few years ago. ...

Root Causes 193: 4 Positive Security Trends for 2022

16 Dec 2021

Contributed by Lukas

Our hosts look back at four positive security trends in 2021 that industry should continue in 2022.

Root Causes 192: 14 Security Fallacies We Still Have in 2021

13 Dec 2021

Contributed by Lukas

In this year-end lookback episode, our hosts describe 14 common fallacies that still haunt IT professionals in 2021 - and the negative effects those f...

Root Causes 191: What Is Robotic Process Automation (RPA)?

08 Dec 2021

Contributed by Lukas

An important trend sweeping enterprise IT is Robotic Process Automation. Our hosts define RPA and explain the importance of cryptographically secured ...

Root Causes 190: Phishing Coinbase

29 Nov 2021

Contributed by Lukas

In continuation of our ongoing exploration of blockchain and cryptocurrency, our hosts describe a recently discovered exploit where attackers use weak...

Root Causes 189: What Is CA Agnostic?

17 Nov 2021

Contributed by Lukas

Certificate Lifecycle Management (CLM) platforms can deal with certificates from a number of sources. A CLM that can provision certificates of all typ...

Root Causes 188: Introduction to Web Security

11 Nov 2021

Contributed by Lukas

Malware and other web site attacks are a frequent problem for small businesses and can result in reputational damage and site access being blocked or ...

Root Causes 187: Apple Limits Term for S/MIME Certificates

07 Nov 2021

Contributed by Lukas

Apple recently announced that it would be limiting the allowable term for public S/MIME certificates to 825 days. Our hosts explain the implications o...

Root Causes 186: Digital Signature SNAFU Costs Swiss Company 3 Billion Euro Contract

04 Nov 2021

Contributed by Lukas

In this episode our hosts explain how an esoteric digital signature error rendered a 3 billion Euro manufacturing contract with the Austrian governmen...

Root Causes 185: EU Covid Passport Root Key Stolen

01 Nov 2021

Contributed by Lukas

The root certificates of the EU's Covid Passport program have suffered a private key compromise and counterfeit passports are now for sale on the blac...

Root Causes 184: Popular College WiFi Vulnerability Revealed

26 Oct 2021

Contributed by Lukas

Recent research reveals a certificate misconfiguration in a commonly used college WiFi platform that can lead to exposure and theft of users' login...

Root Causes 183: New MSCA Attack Toolkits

21 Oct 2021

Contributed by Lukas

At this year's BlackHat, a talk and white paper detailed the threat of MSCA root key attacks, which can be used to create unauthorized certificates. ...

Root Causes 182: Let's Encrypt Root Expiration

18 Oct 2021

Contributed by Lukas

Let's Encrypt's recent root expiration caused widespread service outages and other hassles for online services and sites. Our hosts discuss this expir...

Root Causes 181: Limitation of DCV Through Web Site Changes

29 Aug 2021

Contributed by Lukas

This December will see a meaningful change in how CAs are allowed to conduct Domain Control Validation (DCV) using the method known as https token or ...

Root Causes 180: PetitPotam MSCA Attack

26 Aug 2021

Contributed by Lukas

The PetitPotam attack against Microsoft CA has garnered a lot of attention. Our hosts describe this attack and define related terms like Mimikatz, pas...

Root Causes 179: Standards for Certificates Apart from SSL

23 Aug 2021

Contributed by Lukas

Regular followers of this podcast hear a great deal about SSL, the CA/Browser Forum, and the standards governing public SSL. But SSL is not the only r...

Root Causes 178: Stealing Cryptocurrency

20 Aug 2021

Contributed by Lukas

In this episode our hosts go through the various ways in which cryptocurrency can be stolen or lost, including private key compromise, security failur...

Root Causes 177: What Is Passwordless?

09 Aug 2021

Contributed by Lukas

A hot, new topic in the identity space is passwordless. Join our hosts as they explain credential form factors and offer a specific definition of pass...

Root Causes 176: Introducing State-Locality Exclusivity

05 Aug 2021

Contributed by Lukas

Sectigo is implementing an important change to its public-facing SSL certificate business, which we call State-Locality Exclusivity. This change remov...

Root Causes 175: What Is a Linter?

02 Aug 2021

Contributed by Lukas

Linters have been a standard programming tool for more than four decades. This venerable coding tool has recently taken on new significance in the worl...

Root Causes 174: Windows 11 and TPMs

27 Jul 2021

Contributed by Lukas

Microsoft has announced that its upcoming Windows 11 release will require TPM 2.0 support at a minimum. TPM 2.0 enables more modern hashing and encryp...

Root Causes 173: Whitelisting and Blocklisting

22 Jul 2021

Contributed by Lukas

Whitelisting and blocklisting are tried and true elements of the computer industry. In this episode our hosts define whitelisting and blocklisting an...

Root Causes 172: What Is an NFT?

13 Jul 2021

Contributed by Lukas

If you have paid any attention at all to popular media in the past few months, you will have heard about non-fungible tokens, or NFTs. NFTs are a meth...

Root Causes 171: The Off-by-One-Second Problem

08 Jul 2021

Contributed by Lukas

Today our hosts explore an esoteric but important error in public certificates that we call the off-by-one-second problem. We explain this problem, ho...

Root Causes 170: Why Is Canada So Good at Cryptography?

01 Jul 2021

Contributed by Lukas

In celebration of Canada Day, our hosts discuss why Canada in particular offers a disproportionately large contribution to cryptography. We examine hi...

Root Causes 169: Bitcoin and the Anonymity Fallacy

25 Jun 2021

Contributed by Lukas

In the developing story of the Colonial pipeline ransomware attack, the FBI recently recovered the ransom money, which had been paid in Bitcoin. In th...

Root Causes 168: The Difference Between e-Signing and Digital Signing

21 Jun 2021

Contributed by Lukas

In our technology discussions we frequently run into confusion about the relationship between electronic document signing and digital document signing...

Root Causes 167: Colonial Pipeline Ransomware Attack

15 Jun 2021

Contributed by Lukas

The recent ransomware attack against the Colonial pipeline has captured the news cycles in recent weeks. In this first episode of two our hosts begin ...

Root Causes 166: The Trouble with OU Fields

07 Jun 2021

Contributed by Lukas

Of all aspects of public SSL certificates, few are as controversial as the OU field. Standing for Organizational Unit, this field is beloved by a few ...

Root Causes 165: Blockchain - Proof of Work Versus Proof of Stake

02 Jun 2021

Contributed by Lukas

In our ongoing examination of blockchain, we define proof of work and proof of stake as consensus algorithms for updating the public ledger. We explai...

Root Causes 164: Examining MFA Through out-of-Band Phone Calling

20 May 2021

Contributed by Lukas

In our ongoing series of episodes on MFA, we explore the plusses and minuses of out-of-band phone calling. Our hosts explain how this form of MFA work...

Root Causes 163: What Puts the I in PKI?

12 May 2021

Contributed by Lukas

PKI stands for Public Key Infrastructure. In this episode we focus on the word infrastructure. Our hosts discuss the key qualities of credential form ...

Root Causes 162: What Is Sideloading?

21 Apr 2021

Contributed by Lukas

In a recent interview Tim Cook took a strong stance against application sideloading as a danger to mobile devices. In this episode we explain sideload...

Root Causes 161: Consensus Algorithms and the Byzantine Generals Problem

15 Apr 2021

Contributed by Lukas

If you pay attention to blockchain and crypto currency, you are sure to hear the phrase consensus algorithm. This concept is fundamental to distribut...

Root Causes 160: Purpose-built Quantum Computers for Breaking RSA

08 Apr 2021

Contributed by Lukas

A new academic paper has described how a purpose-built quantum computer could break RSA encryption in fewer qubits than commonly are thought necessary ...

Root Causes 159: Encrypted Communication Provider Indicted for Drug Trafficking and Money Laundering

31 Mar 2021

Contributed by Lukas

The CEO of Sky Global, a provider of encrypted data devices and services, has been indicted on RICO charges related to drug trafficking and money laun...

Root Causes 158: Exchange Server Vulnerabilities

23 Mar 2021

Contributed by Lukas

The ongoing Microsoft Exchange vulnerability is huge news in the IT world. In this episode our hosts discuss the reasons why on-premises services migh...

Root Causes 157: New Revocation Research

19 Mar 2021

Contributed by Lukas

A recently published study of public revocation information takes a numerical approach to revocation behavior from CAs. Our hosts give their first tak...

Root Causes 156: Kazakhstan Root Attack Revisited

16 Mar 2021

Contributed by Lukas

In the summer of 2019 the Kazakh government attempted to force its citizens to trust its private root, enabling MITM attacks for a variety of potentia...

Root Causes 155: What’s Good for Subscribers Is Good for Relying Parties

11 Mar 2021

Contributed by Lukas

In this episode we explore the relationship between Relying Parties (aka users of online services) and Certificate Subscribers (aka providers of these...

Root Causes 154: Did Claus Peter Schnorr Just Break RSA?

08 Mar 2021

Contributed by Lukas

A recently published paper by a reputable German mathematician and cryptographer has garnered widespread attention for its claim to have destroyed the...

Root Causes 153: Too Many Roots

05 Mar 2021

Contributed by Lukas

Trust models in multi-vendor environments can be particularly tricky. We are joined once again by Tom Tansy, Chairman of the SunSpec Alliance for a ...

Root Causes 152: Digital Certificates and the SunSpec Alliance

02 Mar 2021

Contributed by Lukas

The SunSpec Alliance is an important source of standards for clean energy infrastructure including solar and electric vehicles. To protect our electri...

Root Causes 151: What Is Rustls?

22 Feb 2021

Contributed by Lukas

Rustls is an important emerging alternative to OpenSSL. In this episode we discuss the Rust programming language and the implications of the fact that...

Root Causes 150: This Podcast Is Not About Alan Turing

14 Feb 2021

Contributed by Lukas

Recent news of the discovery of abandoned Enigma machines on the ocean floor inspires our hosts to discuss history's most famous code system, how it w...

Root Causes 149: Municipal Water Poisoning Through Cyber Attack

11 Feb 2021

Contributed by Lukas

In past episodes we have discussed the possibility of cyber attack against civil infrastructure like utilities. That possibility recently became real ...

Root Causes 148: Can Australia Force Sites to Pay for Linking to Content?

08 Feb 2021

Contributed by Lukas

A proposed law in Australia would require sites linking to news articles to pay for the right to link to these articles. While this law appears to be ...

Root Causes 147: Google Titan Secure Key Attack

05 Feb 2021

Contributed by Lukas

Recent research reveals a possible attack that would allow the cloning of the Google Titan secure key. Join our hosts and guest Alan Grau as they desc...

Root Causes 146: Congolese ccTLD Takeover

01 Feb 2021

Contributed by Lukas

A white hat researcher recently took over .cd, the Democratic Republic of the Congo's ccTLD. The implications of taking over a top-level TLD are of co...

Root Causes 145: Google Chrome to Distrust CA Camerfirma

28 Jan 2021

Contributed by Lukas

A few days ago Google announced that Chrome will distrust Spanish public CA Camerfirma in its upcoming build 90. Our hosts go over the history of brow...

Root Causes 144: Whatever Happened to the Green Address Bar?

25 Jan 2021

Contributed by Lukas

For more than a decade browsers displayed the "green address bar" on sites that had undergone the high authentication required for EV SSL certificates...

Root Causes 143: The Four Pillars of Certificate Automation

21 Jan 2021

Contributed by Lukas

In this episode our hosts explain the Four Pillars of Certificate Automation: deploy, discover, revoke/replace, and renew. They detail what these pill...

Root Causes 142: Removing Street Address and Postal Code from Public Certificates

18 Jan 2021

Contributed by Lukas

On March 1 Sectigo will remove street address and postal/zip code information from its public certificates of all types. Our hosts explain the reasons...

Root Causes 141: The Case for Shorter Certificate Lifespans

11 Jan 2021

Contributed by Lukas

Recent years have seen multiple reductions in the maximum term for public SSL certificates. Our hosts are joined by guest Nick France to discuss the b...

Root Causes 140: SSL Attacks Using BGP (Border Gateway Protocol)

06 Jan 2021

Contributed by Lukas

BGP, or Border Gateway Protocol, controls traffic routing on the internet. Real and theoretical attacks over the years have been revealed against BGP ...

Root Causes 139: Exposed Private Keys in CSR Submissions

03 Jan 2021

Contributed by Lukas

Public CAs recently have discovered a repeated error whereby certificate subscribers accidentally include the private key along with CSR submissions. ...

Root Causes 138: IoT Cybersecurity Improvement Act of 2020

27 Dec 2020

Contributed by Lukas

A new US law called the IoT Cybersecurity Improvement Act of 2020 creates security requirements for IoT devices sold into the US government. Join us a...

Root Causes 137: SolarWinds Supply Chain Attack and Digital Identity

21 Dec 2020

Contributed by Lukas

The SolarWinds Orion supply chain attack is making headlines throughout the tech press. This sophisticated attack includes some unusual manipulations ...

Root Causes 136: 2020 Lookback - Quantum Safe Certificates

17 Dec 2020

Contributed by Lukas

In the third of our year-end lookback episodes, we discuss 2020's progress in the quest for quantum-safe encryption. This includes narrowing the NIST ...

Root Causes 135: The Heartbleed Vulnerability

14 Dec 2020

Contributed by Lukas

In April 2014 a software vulnerability called Heartbleed was discovered in OpenSSL. Heartbleed made it possible for attackers to send commands to web ...

Root Causes 134: 2020 Lookback - SASE and Zero Trust Architecture

09 Dec 2020

Contributed by Lukas

2020 was a big year for SASE (Secure Access Service Edge). Our hosts define SASE, ZTNA (Zero Trust Network Architecture), and SDP (Software Defined P...

Root Causes 133: 2020 Lookback - COVID-19

07 Dec 2020

Contributed by Lukas

In 2020 the COVID-19 pandemic changed the way we work. IT departments had to gear up for near-ubiquitous work-from-home (WFH) requirements while maint...

Root Causes 132: Examining MFA Through Soft Tokens

04 Dec 2020

Contributed by Lukas

In our ongoing examination of MFA, our hosts examine authentication through soft-token OTP (one-time passcode). They go over the potential benefits an...

Root Causes 131: Apple OCSP Slowdown Explained

29 Nov 2020

Contributed by Lukas

The recent release of Apple's Big Sur OS appears to have driven a temporary slowdown in the company's OCSP responders, affecting code updates across a...

Root Causes 130: How to Get Rid of Password Breaches

24 Nov 2020

Contributed by Lukas

Massive password breaches have been so repeatedly prevalent for so many years that as an industry and a society we've just started to accept them as a...

Root Causes 129: Examining MFA Through Hard Tokens

19 Nov 2020

Contributed by Lukas

Hard tokens are one of the oldest multi-factor authentication (MFA) form factors there is, and still in use today. In the latest in our series of expl...

Root Causes 128: What Is Total Certificate Agility?

12 Nov 2020

Contributed by Lukas

First we had crypto agility, which is how we ensure our cryptography stays current with the needs of security. Expanding on this concept, industry lea...

Root Causes 127: What Does a Chief Compliance Officer at a Public CA Do?

05 Nov 2020

Contributed by Lukas

Our co-host Tim Callan has changed his title to Chief Compliance Officer. Join him and co-host Jason Soroko as they discuss what compliance means at a...

Root Causes 126: IoT Ransomware

28 Oct 2020

Contributed by Lukas

New research shows how ransomware attacks could be launched against IoT devices. Our hosts are joined by Alan Grau to understand these attacks and wha...

Root Causes 125: Digital Identity Versus IAM

08 Oct 2020

Contributed by Lukas

Digital certificates and PKI provide digital identity and access. Identity and Access Management (IAM) is a huge technology category featuring major ...

Root Causes 124: Biometric MFA

05 Oct 2020

Contributed by Lukas

As part of our ongoing series on the pros and cons of various forms of multi-factor authentication (MFA) in this episode we explore biometrics. Our ho...

Root Causes 123: Asymmetric Versus Symmetric Encryption

01 Oct 2020

Contributed by Lukas

One of the cornerstones of the success of PKI and digital certificates is their dependence on an asymmetric encryption model. In this episode our host...

Root Causes 122: Passwordless Authentication for Apple OS

28 Sep 2020

Contributed by Lukas

Our hosts are joined by Joel Rennich of Jamf to talk about passwordless authentication and access for various Apple platforms. Joel explains the varie...

Root Causes 121: What Is a Hardware Security Module?

21 Sep 2020

Contributed by Lukas

A Hardware Security Module, or HSM, is a piece of hardware that securely stores secret material such as cryptographic keys. Join our hosts as they exp...

Root Causes 120: PKI and SASE

18 Sep 2020

Contributed by Lukas

SASE (Secure Access Service Edge) is a new term to describe the complexity of authenticating access across today's diverse and heterogeneous computing...

Root Causes 119: What Is Crypto Agility?

14 Sep 2020

Contributed by Lukas

Security industry insiders sometimes use the phrase "crypto agility." In this episode our hosts define crypto agility - or cryptographic agility. They...

Root Causes 118: Quantum Apocalypse - What Is a Hybrid Certificate?

07 Sep 2020

Contributed by Lukas

As part of its quantum safe initiative, Sectigo is now offering its Quantum Safe Kit, which enables the creation of hybrid TLS certificates. In this ...

Root Causes 117: Why Default Deny Matters to the CA/Browser Forum

04 Sep 2020

Contributed by Lukas

This year the CA/Browser Forum has put considerable discussion into the concept of "default deny." It's a philosophy for how to interpret potential am...

Root Causes 116: Ripple20 Exposes TCP/IP Vulnerabilities for IoT

30 Aug 2020

Contributed by Lukas

Ripple20 is a recently announced set of documented vulnerabilities in the early Treck TCP/IP stack, a popular choice for early IoT devices. Our hosts ...

Root Causes 115: Signed HTTP Exchange (SXG) Certificates

27 Aug 2020

Contributed by Lukas

Accelerated Mobile Pages, or AMP, is a Google standard for packaging web content for consistent and usable display on mobile devices. SXG certificates...

Root Causes 114: Is Quantum Computing a Threat to SHA-2?

21 Aug 2020

Contributed by Lukas

Quantum computers' threat to standardized encryption algorithms RSA and ECC has been much discussed. But what about our hashing algorithms? Do quantum...

Root Causes 113: What Is Certificate Pinning?

18 Aug 2020

Contributed by Lukas

Certificate pinning is the practice of coding software to demand the presence of a specific certificate brand or root in order to function correctly. ...

Root Causes 112: Introducing Sectigo Quantum Labs

13 Aug 2020

Contributed by Lukas

For more than a year Sectigo has been providing the market with information to understand what we all must do to change our cryptography to prepare fo...

Root Causes 111: Secure Data Interconnects

10 Aug 2020

Contributed by Lukas

Distributed data centers are extremely common in today's computing environments. Unencrypted replication of data across these centers leaves data open...

Root Causes 110: Single-domain, Multi-domain, and Wildcard SSL Certificates

06 Aug 2020

Contributed by Lukas

When you obtain an SSL certificate, you can choose between single-domain, multi-domain, and wildcard certificates. Join our hosts as they explain the ...
