Firefox and Internet Explorer pull trust in DigiCert SSL certificates
Mozilla and Microsoft said Thursday they are revoking trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority, after it was found that it had issued 22 certificates with weak 512-bit keys and missing certificate extensions and revocation information. The Malaysian company was issued an intermediate CA…
Malware Munches on Mitsubishi, and Certificates Can Lie
In the wake of repeated hacker attacks on defense contractors in the United States comes news that the systems of Mitsubishi Heavy Industries, Japan’s biggest defense contractor, have been breached. Mitsubishi’s submarine, missile and nuclear power plant component factories were reportedly targeted by the attackers. Meanwhile, the security community is…
Don’t trust SSL certificates, says US cybersecurity adviser
Former White House cybersecurity adviser Richard Clarke views hacktivist group Anonymous “more positively than most people”, and insists that digital SSL certificates cannot be trusted. The 60-year-old, who served for 19 years in the Pentagon, intelligence community and State Department, was a special adviser to President George W Bush on…
DigiNotar Barred From Issuing Qualified Certificates; Existing Signatures Invalidated (September 15 & 16, 2011)
Dutch certificate authority DigiNotar can no longer issue qualified certificates and must revoke those that have already been issued…
Symantec cloud-based service hunts down ‘rogue certificates’
Symantec has introduced a cloud-based Symantec Certificate Intelligence Center to keep track of SSL server certificates used by an organisation. The service works with an on-premises software component that can help IT managers seek rogue SSL certificates and check when internal certificates expire. “Every SSL certificate comes with a shelf…
DigiNotar hacker vows to use more fake certificates
A hacker known as Comodohacker has taken responsibility for the recent attack against Dutch certificate authority DigiNotar and is now threatening to release fake security certificates for other companies that he has hacked. Beyond issuing a phony certificate for Google.com, DigiNotar has admitted that the attack actually caused the company…
Microsoft Joins Mozilla and Google in Blocking DigiNotar Certificates (September 6, 7 & 8, 2011)
Microsoft released an out-of-cycle update for Windows to block all digital certificates issued by DigiNotar…
Apple criticised for not blocking stolen SSL certificates
Apple have been criticised for “foot dragging” over the DigiNotar certificate fiasco and have been urged to quickly update Mac OS X to protect users. Security and forensics analyst Paul Henry, from Arizona-based Lumension, said: “We’re looking at some very serious issues about trust on the web and it doesn’t…
DigiNotar hacker wants to expand spy attacks globally using stolen certificates
The hacker linked to several breaches of SSL certificate-issuing networks this year admitted sharing stolen certificates with others in Iran and has threatened to extend future spy-style attacks to computer users in the US, Europe and Israel. “I’ll own as more as gateways in Israel, USA, Europe, as more as…