Security Management Strategies for the CIOAccess "Breaches prompt call for certificate authority architecture alternatives"
This article is part of the October 2011 issue of Spotlight on top security trends of 2011 and Security 7 award winners
This summer’s attack on Dutch certificate authority DigiNotar has prompted browser makers to stop accepting the firm’s digital certificates and fueled a renewed interest in finding a replacement for the fragile Internet digital certificate infrastructure. DigiNotar’s security practices and technologies were woefully inadequate, according to Dutch security firm Fox-IT, which conducted an audit of its systems. The certificate authority, which sells commercial secure socket layer (SSL) certificates and works with the Dutch government on its PKI implementation, received a hail of criticism when it announced Sept. 5 that a hacker had breached its systems and stole several SSL certificates. The breach actually occurred July 19; DigiNotar thought it had quietly revoked all fraudulent certificates. But the compromise of the company’s CA servers came to light when security researchers discovered DigiNotar had issued a valid SSL wildcard certificate for Google to an Iranian-based entity. The rogue Google certificate is believed to have been used to monitor Gmail ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Winners of the 2011 Security 7 Award have their say
by Inforamtion Security Staff
Hear from the winners of this year's Information Security magazine Security 7 Award.
-
Breaches prompt call for certificate authority architecture alternatives
by Robert Westervelt, News Director
The breaches of certificate authorities fuel renewed debate for Internet security alternatives.
-
Winners of the 2011 Security 7 Award have their say
by Inforamtion Security Staff
-
-
Antimalware product suites: Understanding capabilities and limitations
by Lenny Zeltser
Traditional antivirus tools have matured into multi-featured antimalware suites. Here’s what you should know when shopping for endpoint protection.
-
Antimalware product suites: Understanding capabilities and limitations
by Lenny Zeltser
-
Columns
-
Security 7 Award: Seven security standouts
by Marcia Savage, Editor
This year’s Security 7 Award winners represent a bright spot in an industry beset by bad news.
-
Determining the value of infosec certifications
by Lee Kushner
An InfoSec Leaders survey examines the impact of different certs on the security profession.
-
Medical device security: Does IEC 80001 go far enough?
by Joseph Granneman
Networked medical devices introduce new risks but does a new standard go far enough in addressing the problem?
-
Security 7 Award: Seven security standouts
by Marcia Savage, Editor
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...