Blog Posts Tagged with "Digital Certificates"
Ever-Clearer Vulnerabilities in Certificate Authority System
January 03, 2012 Added by: Electronic Frontier Foundation
At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and users who are browsing them. Though we've known that this system has been flawed for a while now, last year there were two attacks that acutely demonstrated just how brittle it is...
Comments (0)
Consortium Issues Baseline Requirements for SSL
December 20, 2011 Added by: Headlines
"The primary goal of these Requirements is to enable efficient and secure electronic communication, while addressing user concerns about the trustworthiness of Certificates. The Requirements also serve to inform users and help them to make informed decisions when relying on Certificates..."
Comments (0)
ENISA Releases DigiNotar Report: Operation Black Tulip
December 06, 2011 Added by: Headlines
"The Diginotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society..."
Comments (0)
Securing Mobile Data Communications
November 17, 2011 Added by: Steven Fox, CISSP, QSA
The selection of encryption algorithms to support a mobile device will be determined by data classification considerations and business requirements. Several vendors in the defense industry are developing FIPS 140-2 validated devices to support applications used by the DoD and NSA...
Comments (0)
Scammers Exploiting Bogus DigiNotar SSL Certificates
September 20, 2011 Added by: Headlines
Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...
Comments (0)
DigiNotar Files for Bankruptcy Following Security Lapse
September 20, 2011 Added by: Headlines
DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible...”
Comments (0)
Companies Using Secure Protocols in an Insecure Manner
September 16, 2011 Added by: Cor Rosielle
I only looked at the Fortune 500 companies with knowledgeable IT and security staff, and with a board and directors who should care about security and have sufficient budget to get these basic things right. Let's hope the companies are as disappointed about these results as I was...
Comments (8)
DigiNotar Banned from Issuing New Digital Certificates
September 16, 2011 Added by: Headlines
"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."
Comments (0)
Comodohacker Claims Windows Update Compromise
September 13, 2011 Added by: Headlines
“I’m able to issue Windows updates... I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL, which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API...”
Comments (0)
Hacked Certificate Authorities - Nothing Left to Trust
September 12, 2011 Added by: Rafal Los
When the very authority that helps your computer systems identify who to trust is compromised... who or what is there left to trust? I don't mean to sound alarmist, but if even half the claims this black hat hacker is making are true, we have a severe Defcon 1-style problem on our hands...
Comments (0)
Comodo: Iran Responsible for Rogue Digital Certificates
September 08, 2011 Added by: Headlines
"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments..."
Comments (0)
Preliminary Report on Bogus DigiNotar Certificates
September 06, 2011 Added by: Headlines
"A number of servers were compromised. The hackers have obtained administrative rights to the outside webservers, the CA server Relaties-CA and also to Public-CA. Traces of hacker activity started on June 17th and ended on July 22nd..."
Comments (0)
Potentially Hundreds of Bogus Digital Certificates Issued
August 31, 2011 Added by: Headlines
"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."
Comments (0)
Could the IT Staff Hold Your Company Hostage?
May 24, 2011 Added by: Headlines
Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."
Comments (0)
PS3 Cluster Attacks: Shall We Play a Game?
April 28, 2011 Added by: J. Oquendo
While 70 million people or so are complaining about not getting their Modern Warfare fix, an interesting e-mail made its way into my inbox. It touched on an altogether bigger problem that Sony may have on their hands - that the entire world for that matter may have on their hands...
Comments (4)
SSL Issues: From Man-in-the-Middle Attacks to Hackers
April 16, 2011 Added by: Dan Dieterle
There seems to be little verification before certificates are handed out. When you add in reports of hackers stealing or creating fake certificates and also hardware devices that perform SSL man-in-the-middle attacks, it sounds like SSL is really in need of an overhaul...
Comments (0)