A year or two ago, trusted Micro ISV‘er Andy Brice posted an article entitled The Great Digital Certificate Ripoff? It’s well worth a read as it underlines some of the apparent anticompetitive aspects of this particular market.

I’m very happy to say that the ground is shifting – something interesting is happening. Internet Explorer is pretty much universally despised by tech-savvy users, but its sheer market slice means that only a fool would ignore it. As of now, Internet Explorer (and by extension, Windows) will have a new root certificate installed. The root certificate will be that of StartCom Ltd. Why is this important?

StartCom is the only public certification authority providing digital certificates for free!

The implications for security on Windows are profound. No longer will SSL and code signing certificates be expensive commodities for the little guy. Firefox and Apple have supported StartCom for some time, but thankfully us Windows developers can now get in on it.

The SLL certificates are free and provide:

• Web server certificates (SSL/TLS)
• Client and mail certificates (S/MIME)
• 128/256-bit encryption
• US $ 10,000 insurance guaranteed
• Valid 365 days (1 year)

The code signing certificates require a verified account, but still cost a measley $39, and boast:

Web server certificates (SSL/TLS)

Wild cards (*.domain.com)

Multiple domains (DNS Alt Names)

128/256-bit encryption

Object Code Signing (beta)

Client and mail certificates (S/MIME)

US $ 10,000 insurance guaranteed

2 Years validity (730 days)

Well done to StartCom, and well done to Microsoft. Check out the certificates on offer here.

Related articles by Zemanta

• Long Zheng: Microsoft adds free root certificate authority to Windows (istartedsomething.com)
• EV SSL Certificates — Not Just for Major Organizations (newswire.ca)

I was mooching around the Home Document Manager wordpress back end today when a thought struck me – I hadn’t seen any core or plugin updates for a while. After a bit of investigation, I noticed that 2 plugins had enabled themselves (or had been enabled by some other actor); namely “Disable Wordpress plugin updates” and “Disable Wordpress core updates”. I have never used these plugins so was understandably perplexed by their presence.

After disabling them, all maner of plugin and core updates appeared. I’m not sure if this represents anything sinister, but it’s certainly odd. Anyone else noticed this behaviour?

As of version 5, you can instruct Truecrypt to encrypt your boot partition. This it can do from a running system, and you can carry on working whilst it does its thing.

Truecrypt installs a boot
loader that prompts for a password. Only with the password can your
drive be read, even if taken out of your machine.

I have a couple of USB thumb-drives that I use every day, an
external USB hard drive, and a laptop, all of them eminently
thieve-able. If you’re a micro ISV, you may well have customer details
on there, credit card information, source code etc. If we want to be
trusted with such precious things as a customers details, we should be
protecting those details with the best technology available.

—–