Paul Mutton, a British security expert, says he has discovered that many websites, including giants such as Deloitte, are using SHA-1 certificates that are outdated or inoperable.
SHA-1 is generally accepted to be an outdated hash algorithm, and experts agree it should be shelved by 2017 because it is unsuited to modern systems and threats. However, over a quarter of a million SHA-1 certificates currently issued are scheduled to live beyond 2017, which is why security experts are raising the alarm. Mutton has advised that companies need to replace these certificates months, or even years, before 2017. Google regards the certificates as insecure, because SHA-1 is a pre-Heartbleed algorithm that lacks the clever techniques that have since come into use.
SOURCE: Darren Pauli, writing for The Register