Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
October 2011

Breaches prompt call for certificate authority architecture alternatives

This summer’s attack on Dutch certificate authority DigiNotar has prompted browser makers to stop accepting the firm’s digital certificates and fueled a renewed interest in finding a replacement for the fragile Internet digital certificate infrastructure. DigiNotar’s security practices and technologies were woefully inadequate, according to Dutch security firm Fox-IT, which conducted an audit of its systems. The certificate authority, which sells commercial secure socket layer (SSL) certificates and works with the Dutch government on its PKI implementation, received a hail of criticism when it announced Sept. 5 that a hacker had breached its systems and stole several SSL certificates. The breach actually occurred July 19; DigiNotar thought it had quietly revoked all fraudulent certificates. But the compromise of the company’s  CA servers came to light when security researchers discovered DigiNotar had issued a valid SSL wildcard certificate for Google to an Iranian-based entity. The rogue Google certificate is believed to have ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close