Trust Implications From VeriSign Breach

BitDefender UK : 07 February, 2012  (Technical Article)
BitDefender researcher comments on the repeated hacking of VeriSign and what this means in terms of enterprise trust
Catalin Cosoi, Global Research Director at antivirus solutions provider Bitdefender, explores the news that VeriSign has been hacked repeatedly by outsiders who stole undisclosed information.

“The company as an operator of critical infrastructure is frequently targeted and experiences a high rate of attacks. Taking the example of Stuxnet, we know stolen certificates have been used in time to spread sophisticated malicious software. A valid digital signature is a crucial requirement of 64-bit operating systems whenever a critical piece of software tries to install itself.  VeriSign is one of the most important enterprise trust authorities in the world, which delivers people safely to more than half the world's websites. A certificate issued by VeriSign will automatically be accepted by both browsers and operating systems. This kind of incident practically voids all the security provided by 64-bit operating systems.”

“It’s also worth remembering that this already happened to DigiNotar last year. Fake certificates were issued and used by cybercrooks to impersonate Gmail and other critical services. What's worrying is that the attackers could have generated valid software signing certificates for smaller, less-known companies and used them to sign malware. By the time VeriSign realizes that the respective company did not request the certificate, some nasty rootkits could be long since in the wild.”

“To conclude, the worst case scenario would be several phishing attacks with valid certificates that browsers will render as legit. This would potentially yield a huge level of data that could be exploited for financial gain. However, it’s important to remember that a strong antiphishing solution will keep you protected.”
   © 2012 ProSecurityZone.com