
Consequences Of Fraudulent Digital Certificates

SecurEnvoy : 05 September, 2011  (Technical Article)
SecurEnvoy looks at the possible consequences of the recent hack on digital certificate service provider DigiNotar.

Responding to reports that Dutch digital certificate service DigiNotar, part of VASCO Data Security International, was hacked by politically-motivated cybercriminals, SecurEnvoy has warned that the scale of the attack could be far larger than was originally thought and compromises the security of millions of Internet users.

According to Steve Watts, co-founder of the tokenless two-factor authentication specialist, as the facts start to emerge about the hack, the various pieces of the digital jigsaw are now coming together - and, he says, it doesn't look good.

“Depending on who you talk to - and which newswire you read - there may be as many as 200 fraudulent digital certificates in circulation, and every one of them could be misused for financial gain, politically-motivated eavesdropping and all sorts of electronic hackery,” he said.

“The problem the global Internet faces is that such is the reliance on certificates as a means of authenticating that the entity at the other end of the IP connection is who they claim to be, the automated systems at the heart of the Internet have no means of knowing when they are being fooled,” he added.

Watts went on to say that the fact that a digital certificate issuer has been hacked into is of great concern to his company – and should be of concern to anyone interested in the ongoing security of the Internet.

This saga, he explained, is similar to the RSA Security hacking incident earlier this year - where stored security keys were compromised - in its potential to affect a large number of end users of Internet services. Unfortunately, whilst RSA has been able to re-issue new hardware tokens to its clients and so partially remediate the situation, this latest mega-hack cannot be resolved without a tree-and-branch restructuring of the Internet's architecture.

The SecurEnvoy co-founder says that initially he thought the hacking of DigiNotar's systems was driven by so-called hacktivists that simply wanted to prove that it could be done. Then, he adds, further facts started pointing towards financially-motivated cybercriminals who were looking for revenue.

But now, he said, the latest pieces of the jigsaw are emerging, with newswires reporting that political hacktivists were responsible, causing Watts' brow to furrow; as he added, politically-motivated hackers are the worst of the worst.

“The problem is that, whilst cybercriminals are in it for the money - and will move on if the going gets too tough - political hacktivists don't move on. They don't give up. They are fanatics and driven by forces far greater than human greed and avarice. This is what makes me think the scale of this problem may be far larger than previously thought,” he said.

“This latest digital certificate fiasco aside, however, the bottom line here is that authentication systems should not be reliant on third party manufacturers storing any security keys. Some vendors - such as SecurEnvoy - have well-designed security offerings that do not require manufacturers to store any keys online, as the required keys are created within the customers’ own trusted environment,” he added.

“Incidents like this highlight the shortcomings of the current digital certificate architecture and also show that more innovative solutions could have prevented certification authority incursions like those affecting DigiNotar and RSA from causing problems for millions of users of the Internet.”
   © 2012 ProSecurityZone.com