Blog Posts Tagged with "Digital Certificates"

Gone in 60 Months or Less

September 26, 2013 Added by: Gavin Hill

Cyber-attacks continue to advance in complexity and speed and increasingly target the keys and certificates used to establish trust—from the data center to the cloud. With the advances in technology, is a 60-month, or even a 39-month, validity period for certificates short enough to reduce risk?

SSL Wars – Little New Hope

March 28, 2013 Added by: Gary McCully

I thought it was time to write an update regarding the current state of websites that are using SSL/TLS to protect their web applications. Sadly, the current state of SSL/TLS is pretty pathetic. As of March 19, 2013 the SSL Pulse Project reported that many of the most popular sites on the Internet are still struggling with correctly implementing SSL!

Senators Seek Investigation into Electric Grid Security Issue

July 20, 2012 Added by: Headlines

"These certificates protect access to control systems. They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you're lax... the consequences could be disastrous..."

Cyberoam DPI Vulnerability Alarms Tor Project

July 10, 2012 Added by: Pierluigi Paganini

Tor Project found a vulnerability in Cyberoam DPI where all share the same digital certificate and the private key is the same for every device. The implications are serious, as it could be possible to catch traffic from any user by extracting the key and importing it into other DPI devices for interception...

Flame's MD5 Collision: Most Worrisome Security Discovery of 2012

June 15, 2012 Added by: Richard Stiennon

Stuxnet, Duqu and Flame have used false certificates to infiltrate a network. Action must be taken today to discover and root out MD5 certificates from the enterprise. We are beyond the proof of concept stage. Certificate attacks will be with us as long as MD5 based certificates are used to authenticate critical systems....

W32.Flamer Used Spoofed Microsoft Digital Certificates

June 04, 2012 Added by: Headlines

"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft..."

NASA Denies Iranian Hacker's SSL Certificate Breach Claims

May 29, 2012 Added by: Headlines

NASA has officially denied that the agency's systems were breached by the Iranian hacker group the "Cyber Warriors Team," which claimed to have compromised a digital SSL certificate after having coded an HTTPS protocol scanner to find weaknesses in the agency's website...

Iranian Hackers Hit NASA: Isolated Attack or Act of Cyberwar?

May 24, 2012 Added by: Pierluigi Paganini

Hackers have written an HTTPS protocol scanner to find weaknesses in the NASA website. A NASA spokesman hasn't denied the hack, and the agency is investigating the event. Is it an isolated operation conducted by a group of hackers, or a state-sponsored act of cyberwar?

The Growing Importance of Protecting Certificate Authorities

April 08, 2012 Added by: Rafal Los

We've seen a few of the largest CAs get compromised and fake certificates end up in the hands of nation-states which wanted to spy on their population. It goes without saying that there are likely more attacks that we've simply either not picked up or were unreported...

Malware Variant Signed with Valid Digital Certificate

March 16, 2012 Added by: Headlines

Kaspersky has discovered malware in the wild identified as Trojan.Win32.Mediyes accompanied by a VeriSign digital certificate which appears to be part of a click-fraud operation designed to generate revenues for the attackers from a legitimate marketing service...

OTA Advocates Always On SSL

March 05, 2012 Added by: Headlines

Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...

Subordinate Digital Certificates Pits Trustwave vs Mozilla

February 14, 2012 Added by: Pierluigi Paganini

Trustwave declared that the issuing of subordinate root certificates to private companies was done to allow inspection of the SSL encrypted traffic that passes through their networks. Trustwave decided to stop issuing these in the future, and revoked the existing ones...

VeriSign Hacked - But Why?

February 03, 2012 Added by: Pierluigi Paganini

The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...

Web Authentication: A Broken Trust with No Easy Fix

January 30, 2012 Added by: Infosec Island Admin

Systemic weaknesses and a general lack of oversight governing the process used to issue digital certificates, key to the standards used to validate legitimate websites, prompted some security experts to wonder if the system may be hopelessly ineffective...

Cyber Defense: Welcome to 2012 and Interesting Times

January 05, 2012 Added by: Cyber Defense Weekly

2011 was the year that state sponsored hacking finally came to national attention with hundreds of articles exposing the continued industrial and military cyber espionage credited to the likes of China and Russia. We can be sure that 2012 will bring more of the same...

Ever-Clearer Vulnerabilities in Certificate Authority System

January 03, 2012 Added by: Electronic Frontier Foundation

At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and users who are browsing them. Though we've known that this system has been flawed for a while now, last year there were two attacks that acutely demonstrated just how brittle it is...
