Blog Posts Tagged with "DigiNotar"
April 08, 2012 Added by:Rafal Los
We've seen a few of the largest CAs get compromised and fake certificates end up in the hands of nation-states which wanted to spy on their population. It goes without saying that there are likely more attacks that we've simply either not picked up or were unreported...
January 03, 2012 Added by:Headlines
As 2011 was such an eventful year where security is concerned, no doubt many readers will point to numerous instances where they feel an episode was overlooked that should have been included in the top ten - but hey, you have to draw the line somewhere...
January 03, 2012 Added by:Electronic Frontier Foundation
At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and users who are browsing them. Though we've known that this system has been flawed for a while now, last year there were two attacks that acutely demonstrated just how brittle it is...
December 06, 2011 Added by:Headlines
"The Diginotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society..."
September 20, 2011 Added by:Headlines
Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...
September 20, 2011 Added by:Headlines
DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible..."
September 16, 2011 Added by:Headlines
"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."
September 13, 2011 Added by:Headlines
“I’m able to issue Windows updates... I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL, which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API..."
September 12, 2011 Added by:Rafal Los
When the very authority that helps your computer systems identify who to trust is compromised... who or what is there left to trust? I don't mean to sound alarmist, but if even half the claims this black hat hacker are making are true, we have a severe Defcon 1-style problem on our hands...
September 08, 2011 Added by:Headlines
"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments..."
September 06, 2011 Added by:Headlines
"A number of servers were compromised. The hackers have obtained administrative rights to the outside webservers, the CA server Relaties-CA and also to Public-CA. Traces of hacker activity started on June 17th and ended on July 22nd..."
August 31, 2011 Added by:Headlines
"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015