RSS feed Get our RSS feed

News by Topic

BizReport : Internet : March 10, 2017

Venafi: One in five websites at risk by still using SHA-1

Are your websites still using SHA-1 certificates? Hopefully not, but if you are you are not alone, according to new research from Venafi.

by Helen Leggatt

One in five (21%) of websites tested by Venafi were found to be using SHA-1 certificates. While that is a decrease from 36% in November, 2016, that means there are still many websites that offer a less-than-safe online experience, leaving both themselves and their visitors open to security breaches, compliance issues and outages.


Furthermore, websites that continue to use SHA-1 could be rendered unavailable to some, depending on security settings, potentially increasing incoming help-desk calls as frustrated users look to find out what the issue is or a drop in profits as users head elsewhere.

In October last year, Mozilla announced that SHA-1 was no longer secure, with Microsoft repeating the message a month later. Even back in 2014 Google announced it would be phasing out SHA-1, calling it a "slow-motion emergency.

"The results of our most recent analysis are not surprising," said Kevin Bocek, chief security strategist for Venafi. "Even though most organizations have worked hard to migrate away from SHA-1, they don't have the visibility and automation necessary to complete the transition. We've seen this problem before when organizations had a difficult time making coordinated changes to keys and certificates in response to Heartbleed, and unfortunately I'm sure we are going to see it again."

Check out Venafi's 7-step guide to SHA-1 to SHA-2 migration.

Tags: certificate, security, SHA-1, SSL

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.