Trust but verify: when CAs fall short

We’ve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First, only the very same CA that issued a certificate can later revoke it. Second, although web browsers implement several techniques to check the certificate’s revocation status, errors in the procedure are rarely considered hard failures.

Story added 19. February 2013, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Please vote for Naked Security in the 2016 Security Blogger Awards!
Microsoft Launches Windows Bug Bounty Program
The FCC is beta testing a next-gen telephone network
Threat geography: Why certain kinds of cyberattacks come from certain places
Apple Revives Encryption Debate With Move on Child Exploitation
D-Link router flaw lets anyone login through “Joel’s Backdoor”
When You’re in the Wild with Websites
Penn State Beaver Voice Services Migration
‘GODLESS’ Mobile Malware Uses Multiple Exploits to Root Devices
Hackers using PRISM-phishing Java RAT to steal government data

Trust but verify: when CAs fall short

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts