Access "Breaches prompt call for certificate authority architecture alternatives"
This article is part of the October 2011 issue of Spotlight on top security trends of 2011 and Security 7 award winners
This summer’s attack on Dutch certificate authority DigiNotar has prompted browser makers to stop accepting the firm’s digital certificates and fueled a renewed interest in finding a replacement for the fragile Internet digital certificate infrastructure. DigiNotar’s security practices and technologies were woefully inadequate, according to Dutch security firm Fox-IT, which conducted an audit of its systems. The certificate authority, which sells commercial secure socket layer (SSL) certificates and works with the Dutch government on its PKI implementation, received a hail of criticism when it announced Sept. 5 that a hacker had breached its systems and stole several SSL certificates. The breach actually occurred July 19; DigiNotar thought it had quietly revoked all fraudulent certificates. But the compromise of the company’s CA servers came to light when security researchers discovered DigiNotar had issued a valid SSL wildcard certificate for Google to an Iranian-based entity. The rogue Google certificate is believed to have been used to monitor Gmail ... Access >>>
Premium Content for Free.
Winners of the 2011 Security 7 Award have their say
by Inforamtion Security Staff
Hear from the winners of this year's Information Security magazine Security 7 Award.
Breaches prompt call for certificate authority architecture alternatives
by Robert Westervelt
The breaches of certificate authorities fuel renewed debate for Internet security alternatives.
- Winners of the 2011 Security 7 Award have their say by Inforamtion Security Staff
Antimalware product suites: Understanding capabilities and limitations
by Lenny Zeltser
Traditional antivirus tools have matured into multi-featured antimalware suites. Here’s what you should know when shopping for endpoint protection.
- Antimalware product suites: Understanding capabilities and limitations by Lenny Zeltser
Security 7 Award: Seven security standouts
by Marcia Savage
This year’s Security 7 Award winners represent a bright spot in an industry beset by bad news.
Determining the value of infosec certifications
by Lee Kushner
An InfoSec Leaders survey examines the impact of different certs on the security profession.
Medical device security: Does IEC 80001 go far enough?
by Joseph Granneman
Networked medical devices introduce new risks but does a new standard go far enough in addressing the problem?
- Security 7 Award: Seven security standouts by Marcia Savage
More Premium Content Accessible For Free
For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...