Microsoft rejecting emails as spam

Microsoft blocks emails from legitimate sources

Once again in the war on spam, there are friendly casualties. Many users are reporting that their emails are not getting through to Hotmail and Outlook.com users. Some of our clients are reporting that they are not receiving emails to their Microsoft email addresses from us. This of course risks users not receiving important emails about their domains and services. Read More

3 million Let’s Encrypt certificates to be cancelled

Let's Encrypt CAA flaw

Let’s Encrypt revoked certificates

Let’s Encrypt has announced that it is to revoke aroound 3 million TLS/SSL certificates because of a serious flaw found in the CAA (Certificate Authority Authorization). The certificates will be revokend on the 4th March 2020 from 00:00 UTC. Read More

Apple reduces SSL/TLS certificates accepted lifespan to 1 year

Apple will not trust SSL of more than 1 year

What has Apple done

Apple has decided that they will no longer support TLS/SSL certificates that have a valid period of more than 1 year (398 days to be exact) as of 1st September 2020. This means that if, after that date, you order a certificate for your website that has a longer valid period then it will not be trusted on any Apple system, including iPhones, iPads, Apple computers, Safari, etc.
The policy that was unveiled at a Certificate Authority Browser Forum (CA/Browser) meeting on Wednesday (19/02/2020). Accordingly certificates issued after 1st September 2020 will not be trusted if they are longer than 1 year (398 days) but those that were issued before that date will still be honoured. Read More

2 years for the price of 1 on any new .UK domain name

Today over 3 million UK businesses and millions more consumers use a domain name ending in .uk.

The UK Domain family, including .co.uk, .uk, .org.uk and .me.uk is managed and operated by Nominet.

From Tuesday the 1st October until Thursday 31st October 2019 we will be running a fantastic promotion for everyone who wants a new domain name. If you have been thinking of getting a domain name or getting a new one then now is the time.

You can now get 2 years for the price of 1 on any .UK domain name. That is any domain name that ends in .UK, .CO.UK, .ORG.UK or .ME.UK.

Look for you perfect .UK domain name now.

2 years for the price of 1 .UK family

Terms and Conditions for 2 years for the price of 1 .UK family domains name registration

The Promotion

Register any new .UK family domain (includes .UK, .CO.UK, .ORG.UK & .ME.UK) for 2 years at the same price as 1 years During October 2019. In effect you get 1 year registration free.
The promotion only applies to new registrations from the .UK family of Top Level Domains (TLDs) as above. Renewal will be at the then prevailing normal price for renewals of these domain names. See store for a guide to the renewal price. The renewal price stated now may not be the same as the price when it comes to renewal as prices can change but we try to keep you informed of price changes.
New registrations of .UK family domains are subject to both our terms and conditions of sale and the Nominet terms and Conditions. Please ensure you have read both before buying your domain as you are bound by both on completion of purchase.
The Nominet terms and conditions can be found here:

 

Nominet Terms and Conditions

Exclusions

All other Top Level Domains (TLDs) are excluded from the promotion.
All transfers or renewals of .UK family domains are excluded from the promotional price.
All transfers and renewals of any other TLDs are excluded from the promotion.

Other conditions

Please note that we may withdraw this promotion at any time without explanation. The offer is otherwise valid from 1st October 2019 until 17:30 31st October 2019.

 

The Death of EV SSL Certificates

It was reported some months ago that Google Chrome among other browsers were looking in to the fact that Extended Validation SSL certificates were not really worth the money or effort nor working as intended for use.

The Identified Issue

The Chrome developers at Google questioned the validity of E.V. certificates some months ago after carry out research with users. They discovered that it made absolutely no difference to users behavior when entering credit card or username and password information on websites. In fact most users do not even know the difference between a bottom of the range ACME (Automated Certificate Management Environment) certificate provided by the likes of Let’s Encrypt and the top of thee range, most expensive E.V certs. They called for action to be taken in this but no solution has been found to correct this.

The Result

The results of this research, combined with the fact that the E.V. certificates take up much needed space on the address bar, and it has been dropped on most mobile platforms already is that it will now be removed from Chrome. Mozilla has said it will also be removing it from Firefox in the very near future as well. Going forward all browsers will move the E.V information to the Certificate information section which needs to be clicked to be seen. This move basically renders the E.V certificate dead. They cost substantially more than any other type of certificate and are much harder to obtain due to the level of scrutiny required to obtain one.

What Are The Differences Between SSL Certificates

The different types of certificate available to websites were meant to be a representative of how secure or how much trust you could give to the website. a basic ACME type of certificate provided by the likes of Let’s Encrypt is the bottom of the range. There is absolutely no trust in the company or entity that owns the domain or website. There is  no checks made on them. So if they put up a website that looks like you local bank, it matter not to the certificate supplier as they are not looking at it. The ACME certificates are automatically installed and renewed as long as the basics can be verified. That being that the DNS records can have one added to it and it is hosted on that server. This is the cheapest type as they are usually free and only come in the basic encryption level.

The cheapest paid for certificates are much the same but there is a check on the domain made that means that an actual person has to verify they own the domain name by way of an email sent to an email address on the domain, such as admin, administrator or webmaster. This only proves that the person asking for the certificate is an actual person who has access to the domain and email account. These are also know as D.V. (Domain Vetted) certificates.

The next level up is O.V. (Organisation Vetted) certificates. These are a bit more expensive but give the user some information about the organisation behind the certificate so that they can be more sure of who they are dealing with. These require the issuing authority to check the person/company actually exists before issuing a certificate. They therefor take longer to issue than the ACME which are instant and the DV certificates which are usually within an hour.

The next Level is the E.V. (Extended Validation) certificates. These are much harder to get as there is a lot more checks carried out by a human being in the issuing authority and so the cost is much higher for them. They use to give you a green bar at the top and a green padlock on other browsers. The should have allowed visitors to know that you have been fully vetted and can be trusted to take credit card details. They were akin to the old fashioned banks. In the Old Wild West, there was a big problem with banks opening up, taking in customer deposits and then disappearing by morning, in some cases a while later, but you get the idea. They would open up, take money in and then as quick as they arrived they were gone, with all the money. That is why banks have big buildings that cost lots of money, to show that they were there fro the long haul and were trust worth. The average conman did not want to spend any money on something he was going to throw away. EV certificates were the same for the internet. Deliberately expensive and hard to get so that the holder of one could show they were trustworthy and not a conman.

Sadly, people have not recognised this and as there has been no way proposed to correct this, the browsers who are responsible for showing you the difference are moving the only identifiers to a location very few people ever look.

Having the display of the extra security that the EV certificates provide is not in line with Chromes goal of security by default and then showing those who are not secure in a bad light, rather than promoting those who make things extra secure. There is still a case use for the OV and DV certificates but the EV certificates will probably be phased out as there is little benefit to them above an OV certificate.

Only time will tell, for the moment though you can get any of these certificates in our store and the ACME certificates are available on all new hosting accounts as well.

Stay Safe.

 

CritchCorp Computers Support

 


photo credit: Link to EpicTop10.com SSL via photopin (license)