Certificate Authorities

Making sense of Middle East-targeted malware

Stuxnet kicked things off, and since then, there's been an explosion in sophisticated viruses targeting businesses and critical infrastructure in the Gulf region. But prevention is still an option.

Microsoft, Adobe issue security updates for more than 50 bugs

Microsoft plugged 26 vulnerabilities, and Adobe shored up 26 of its own as part of a monster Patch Tuesday. Each company is grappling with an active exploit as well.

Patch Tuesday: Microsoft pushes nine fixes for 16 flaws

In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.

Spy virus Flame got help from doctored Microsoft certificates

Illegitimately signed Microsoft certificates were used to help spread the nefarious Flame malware, another sign detailing just how sophisticated the espionage toolkit is.

GlobalSign says web server, not CA systems, hit by breach

GlobalSign, which briefly halted operations in September out of concern that it was the latest SSL certificate authority hacked, has determined that its CA infrastructure was never compromised.

Industry group creates guidelines for issuing SSL certs

New standards, set to go into effect July 1, 2012, are based on best practices across the SSL/TLS sector. But some researchers, who have called for an overhaul of a system they say is antiquated, don't think standards will help.

Another Dutch certificate authority halts business

Netherlands-based KPN Corporate Market, a major telecommunications firm, has decided to exercise caution after uncovering a possible web server breach.

Duqu underscores trouble AV industry has in stopping threats

The slowness with which an offspring of Stuxnet was discovered may be further proof that attackers have a significant leg up on the security community.

DigiNotar collapse could cost parent nearly $5 million

Authentication solutions provider Vasco expects the bankruptcy of its Dutch-based certificate authority (CA), DigiNotar, to cost it between $3.3 and $4.8 million, according to a statement Tuesday. The estimate does not include losses that may arise through possible lawsuits filed against the company. On Sept. 20, DigiNotar was "declared bankrupt" by a District Court judge in The Netherlands after it emerged that the CA issued hundreds of counterfeit SSL credentials after hackers breached its systems. At least one phony certificate, for Google.com, appeared in the wild, presumably so Iranian users could be spied on by the government. Vasco is based in Oakbrook Terrace, Ill.

The flawed certificate authority system

The foundational assurance of the internet is in doubt these days, following attacks against certificate authorities Comodo and DigiNotar.

After breach, DigiNotar folds into voluntary bankruptcy

DigiNotar, the Dutch-based certificate authority that issued hundreds of counterfeit SSL certificates, is no more.

Dead certs?

Are we seeing the decline and fall of SSL and the Certificate Authority model?

Microsoft, Adobe release scheduled security patches

Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.

GlobalSign discovers "isolated" web server compromise

Certificate authority GlobalSign has discovered that the web server hosting its site was compromised by hackers.

Possibly breached GlobalSign to bring services back Monday

Portsmouth, N.H.-based certificate authority (CA) GlobalSign plans to be back fully operating on Monday after temporarily suspending the issuance of SSL credentials due to claims from a hacker linked to attacks on Comodo and DigiNotar. In a Monday post to Pastebin, a hacker claimed responsibility for the major attack on DigiNotar and said he has access to four other CAs, including GlobalSign. "We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process," the company said in a news release. GlobalSign is still investigating the hacker's claims, but said it believes CAs are facing an "industry-wide" attack.

DigiNotar breach fallout widens as more details emerge

Browser manufacturers and the Dutch government are acting quickly to contain the breach at certificate authority DigiNotar. The incident, meanwhile, has prompted calls for a system overhaul.

DigiNotar said attack is to blame for certificate compromise

Like Comodo before it, the certificate authority DigiNotar said its infrastructure was breached, allowing adversaries to create fraudulent SSL certificates.

Iran may be behind yet another SSL certificate spoof

Researchers have confirmed that for the second time in less than six months, a provider of SSL certificates has issued a phony credential for Google.com.

Black Hat: Researcher releases tool for replacing certificate authorities

Well-known researcher Moxie Marlinspike proposed a solution to revamp the current trust-relationship model on the web, essentially turning the power over to the users.
