Blog Posts Tagged with "Digital Certificates"

7ddc1f3000a13e4dfec28074e9e7b658

Ever-Clearer Vulnerabilities in Certificate Authority System

January 03, 2012 Added by:Electronic Frontier Foundation

At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and users who are browsing them. Though we've known that this system has been flawed for a while now, last year there were two attacks that acutely demonstrated just how brittle it is...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Consortium Issues Baseline Requirements for SSL

December 20, 2011 Added by:Headlines

"The primary goal of these Requirements is to enable efficient and secure electronic communication, while addressing user concerns about the trustworthiness of Certificates. The Requirements also serve to inform users and help them to make informed decisions when relying on Certificates..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ENISA Releases DigiNotar Report: Operation Black Tulip

December 06, 2011 Added by:Headlines

"The Diginotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society..."

Comments  (0)

B09c361cbdc6cf629affdc7db30a186d

Securing Mobile Data Communications

November 17, 2011 Added by:Steven Fox, CISSP, QSA

The selection of encryption algorithms to support a mobile device will be determined by data classification considerations and business requirements. Several vendors in the defense industry are developing FIPS 140-2 validated devices to support applications used by the DoD and NSA...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Scammers Exploiting Bogus DigiNotar SSL Certificates

September 20, 2011 Added by:Headlines

Security provider Barracuda Networks has warned of a spamming campaign targeting Royal Bank of Canada customers. The spam messages falsely notify users that their SSL certificate has expired, and that in order to continue using online banking services they are required to update the certificate...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

DigiNotar Files for Bankruptcy Following Security Lapse

September 20, 2011 Added by:Headlines

DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible..."

Comments  (0)

3ac1b4d00e292a1a670a4df0e460892a

Companies Using Secure Protocols in an Insecure Manner

September 16, 2011 Added by:Cor Rosielle

I only looked at the Fortune 500 companies with knowledgeable IT and security staff, and with a board and directors who should care about security and have sufficient budget to get these basic things right. Let's hope the companies are as disappointed about these results as I was...

Comments  (8)

69dafe8b58066478aea48f3d0f384820

DigiNotar Banned from Issuing New Digital Certificates

September 16, 2011 Added by:Headlines

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Comodohacker Claims Windows Update Compromise

September 13, 2011 Added by:Headlines

“I’m able to issue Windows updates... I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL, which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Hacked Certificate Authorities - Nothing Left to Trust

September 12, 2011 Added by:Rafal Los

When the very authority that helps your computer systems identify who to trust is compromised... who or what is there left to trust? I don't mean to sound alarmist, but if even half the claims this black hat hacker are making are true, we have a severe Defcon 1-style problem on our hands...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Comodo: Iran Responsible for Rogue Digital Certificates

September 08, 2011 Added by:Headlines

"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Preliminary Report on Bogus DigiNotar Certificates

September 06, 2011 Added by:Headlines

"A number of servers were compromised. The hackers have obtained administrative rights to the outside webservers, the CA server Relaties-CA and also to Public-CA. Traces of hacker activity started on June 17th and ended on July 22nd..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Potentially Hundreds of Bogus Digital Certificates Issued

August 31, 2011 Added by:Headlines

"Chrome's hardcoded certificate blacklist actually increased by 247 entries... When a Comodo reseller was hacked back in March and its infrastructure was used to issue rogue certs for Google, Hotmail, Yahoo and other sites, Chrome's blacklist increased with just 10 certs..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Could the IT Staff Hold Your Company Hostage?

May 24, 2011 Added by:Headlines

Report: "A significant number of IT staff could cause chaos for their organizations with their knowledge of and access to digital certificates and encryption keys due to lack of management controls and no separation of duties..."

Comments  (0)

850c7a8a30fa40cf01a9db756b49155a

PS3 Cluster Attacks: Shall We Play a Game?

April 28, 2011 Added by:J. Oquendo

While 70 million people or so are complaining about not getting their Modern Warfare fix, an interesting e-mail made its way into my inbox. It touched on an altogether bigger problem that Sony may have on their hands - that the entire world for that matter may have on their hands...

Comments  (4)

B64e021126c832bb29ec9fa988155eaf

SSL Issues: From Man-in-the-Middle Attacks to Hackers

April 16, 2011 Added by:Dan Dieterle

There seems to be little verification before certificates are handed out. When you add in reports of hackers stealing or creating fake certificates and also hardware devices that perform SSL man-in-the-middle attacks, it sounds like SSL is really in need of an overhaul...

Comments  (0)

Page « < 1 - 2 - 3 > »