SSL Certificates attacked

This is an interesting story: Comodo issue SSL certificates and were tricked, through a logon of a European reseller, into issuing fraudulent certificates for sites like Google and Microsoft.
On its own, it’s pretty poor form that any reseller can bang out certificates without any real checks. But when you place it alongside the RSA theft it becomes even more interesting. Both attack core encryption blocks of the jigsaw. Both look targeted, in that by itself the information taken is only useful as part of a larger or wider attack. In both cases you’re left scratching your head about so-called security suppliers.
Maybe we’re seeing the tip of the state-sponsored iceberg. I hope not.
UPDATE
Here’s an interesting analysis of the same issue from the blog at the Tor Project.
