Breaches prompt call for certificate authority architecture alternatives
This article is part of the Information Security magazine issue of October 2011
This summer’s attack on Dutch certificate authority DigiNotar has prompted browser makers to stop accepting the firm’s digital certificates and fueled a renewed interest in finding a replacement for the fragile Internet digital certificate infrastructure. DigiNotar’s security practices and technologies were woefully inadequate, according to Dutch security firm Fox-IT, which conducted an audit of its systems.

The certificate authority, which sells commercial Secure Sockets Layer (SSL) certificates and works with the Dutch government on its PKI implementation, received a hail of criticism when it announced Sept. 5 that a hacker had breached its systems and stolen several SSL certificates. The breach actually occurred July 19; DigiNotar thought it had quietly revoked all fraudulent certificates. But the compromise of the company’s CA servers came to light when security researchers discovered DigiNotar had issued a valid SSL wildcard certificate for Google to an Iranian-based entity. The rogue Google certificate is believed to have ...