NATO's recent proclamation that cyberspace is an official domain of warfare, along with Russia's reported cyberaggressions against the U.S. and Ukraine, raises interesting questions about how one can responsibly manage cyberwarfare.
A new blog post by security researcher Tavis Ormandy chastises security software certification programs for giving antivirus products high grades despite the presence of multiple low-hanging vulnerabilities.
Portsmouth, N.H.-based certificate authority (CA) GlobalSign plans to be fully operational again on Monday after temporarily suspending the issuance of SSL credentials due to claims from a hacker linked to attacks on Comodo and DigiNotar. In a Monday post to Pastebin, a hacker claimed responsibility for the major attack on DigiNotar and said he has access to four other CAs, including GlobalSign. "We are adopting a high-threat approach to bringing services back online and we are working with a number of organizations to audit the process," the company said in a news release. GlobalSign is still investigating the hacker's claims, but said it believes CAs are facing an "industry-wide" attack.
The MashSSL Alliance, an organization dedicated to promoting the use of the MashSSL open specification, has formed. MashSSL, which is in the process of being standardized, lets web applications mutually authenticate and establish a secure channel without having to trust the user or browser. The alliance is made up of a number of technology certification authorities, including VeriSign and Comodo.