Blog Posts Tagged with "DigiNotar"
The Growing Importance of Protecting Certificate Authorities
April 08, 2012 Added by:Rafal Los
We've seen a few of the largest CAs get compromised and fake certificates end up in the hands of nation-states which wanted to spy on their population. It goes without saying that there are likely more attacks that we've simply either not picked up or were unreported...
Comments (0)
Top Ten Information Security Events from 2011
January 03, 2012 Added by:Headlines
As 2011 was such an eventful year where security is concerned, no doubt many readers will point to numerous instances where they feel an episode was overlooked that should have been included in the top ten - but hey, you have to draw the line somewhere...
Comments (0)
Ever-Clearer Vulnerabilities in Certificate Authority System
January 03, 2012 Added by:Electronic Frontier Foundation
At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and users who are browsing them. Though we've known that this system has been flawed for a while now, last year there were two attacks that acutely demonstrated just how brittle it is...
Comments (0)
ENISA Releases DigiNotar Report: Operation Black Tulip
December 06, 2011 Added by:Headlines
"The Diginotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society..."
Comments (0)
Scammers Exploiting Bogus DigiNotar SSL Certificates
September 20, 2011 Added by:Headlines
Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...
Comments (0)
DigiNotar Files for Bankruptcy Following Security Lapse
September 20, 2011 Added by:Headlines
DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible..."
Comments (0)
DigiNotar Banned from Issuing New Digital Certificates
September 16, 2011 Added by:Headlines
"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."
Comments (0)
Comodohacker Claims Windows Update Compromise
September 13, 2011 Added by:Headlines
“I’m able to issue Windows updates... I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL, which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API..."
Comments (0)
Hacked Certificate Authorities - Nothing Left to Trust
September 12, 2011 Added by:Rafal Los
When the very authority that helps your computer systems identify who to trust is compromised... who or what is there left to trust? I don't mean to sound alarmist, but if even half the claims this black hat hacker are making are true, we have a severe Defcon 1-style problem on our hands...
Comments (0)
Comodo: Iran Responsible for Rogue Digital Certificates
September 08, 2011 Added by:Headlines
"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments..."
Comments (0)
Preliminary Report on Bogus DigiNotar Certificates
September 06, 2011 Added by:Headlines
"A number of servers were compromised. The hackers have obtained administrative rights to the outside webservers, the CA server Relaties-CA and also to Public-CA. Traces of hacker activity started on June 17th and ended on July 22nd..."
Comments (0)
Potentially Hundreds of Bogus Digital Certificates Issued
August 31, 2011 Added by:Headlines
"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."
Comments (0)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers