123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Others >> View Article

Hacker Stole Multiple Ssl Certificates Belonging To Some Of The Web's Biggest Sites, Including Googl

Profile Picture
By Author: EC-COUNCIL
Total Articles: 68
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Talk about SSL certificates and security of internet communication has surfaced following the recent SSL certificate theft. Some even criticized Mozilla’s silent, others believed that the delay in disclosing a theft of the digital certificates put certain lives at risk. What is certain is that the result of this incident presented a new threat model for information security professionals.
An Iranian hacker claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, including Google, Microsoft, Skype and Yahoo. On March 15, hackers stole nine SSL certificates from a Comodo certificate reseller. Comodo said, at least one of the certificates, for logon.yahoo.com, was used to legitimize a fake Yahoo site hosted by an Iranian ISP (Internet service provider). None of the browser makers went public with the Comodo hack or the existence of the rogue certificates before March 22.
Comodo's chief executive Melih Abdulhayoglu said. "We didn't, however, model for attack from a foreign government. Our security was good in that we picked up the attack and shut it down quickly, but ...
... we should have covered this threat model,"
SSL certificates work on the ground that the issuing body is credible. Organizations such as Verisign, Thawte, Equifax, Entrust, Global Sign, RapidSSL and Comodo promote themselves as sophisticated, guarded operations that can be trusted to issue certificates.
While Comodo deserves credit for admitting what happened, that part of its system used to issue SSL certificates was compromised by a third party getting access to a login and password will raise serious concerns for the firm and its customers.
Appelbaum told Mozilla that the attack was not a normal attack. Disclosure does not allow anyone else to perform this attack. Only the attacker with the certificate is able to take advantage of this situation. Only the attacker will benefit from a delay.
Abdulhayoglu described three clues to the attacker's origin. Firstly the choice of targets was not financial companies but core internet infrastructure sites.
Secondly, in order for the certificates to be of any use, access to the domain name system infrastructure would have been required.
Finally, the attack was very well orchestrated and "too clean". It did not bear the hallmarks of criminal attacks the company had experience with in the past, according to Abdulhayoglu.
"You can't be 100 per cent certain," he said. "But if it looks like a duck, and quacks like a duck, then it probably is a duck."
This recent theft incident goes to show that even SSL certificates are not foolproof for ensuring the security of communications on the Internet.
It is highly critical that organizations perform pen testing more frequently before hackers attack. Organizations that are involved with online transactions, which allow inbound connections and potentially exposing customer information, should be more concerned. They either have to go through a consultant or with hire information security professionals advanced skills and knowledge in penetration testing.

Information security professionals can increase their penetrating testing knowledge and skills from enrolling in a highly technical and intensive information security training that focuses attacking and defending highly secured environments. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals. CAST will provide a highly advanced technical security training called the Advanced Penetration Testing training (APT). This highly sought after and advanced information security course will be offered at all EC-Council hosted conferences and events, and through specially selected training partners. The launch classes for CAST will be at the upcoming TakeDownCon Dallas, from May 15-17, 2011.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various otherinformation security training programs offered in over 60 countries around the globe. EC-Council has trained over 80,000 individuals in technical security training and certified more than 30,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals. www.eccouncil.org.

Total Views: 577Word Count: 701See All articles From Author

Add Comment

Others Articles

1. Iatf 16949 Certification: Complete Guide To Requirements, Benefits, Implementation & Certification Process
Author: URS Certification

2. Luxury Sliding Wardrobe Designs Catalogue For Premium Interiors
Author: Arte En Casa

3. Restore Your Property Quickly With Trusted Water Damage Restoration In Glenview, Il
Author: Mike Aljupoor

4. British Bridal Gowns: A Perfect Blend Of Tradition And Modern Elegance
Author: mark wood

5. Phone Screen Repair Near Me | Fast & Trusted Service
Author: Real Mobile Repair

6. Hvac Solutions In Northfield, Nj For Year-round Comfort
Author: Air Comfort and Refrigeration

7. Why Professional Rug Cleaning Washington Dc Protects Your Investment?
Author: Micacarpet

8. Iphone Charging Port Repair Rowlett Experts
Author: IPhone Fix Richardson

9. Pest Control Cleveland: Complete Guide To Pest-free Homes
Author: Kreshco Pest Control

10. Go For The Amazing Corporate Day Out Organizer In Bangalore
Author: Organizations

11. Business Mentors: Why Every Entrepreneur Needs A Mentorship Programme For Success
Author: Byst Youth

12. Colored Dental Acrylic: Properties, Applications, Advantages, And Future Trends
Author: Lang Dental

13. How Replacement Velux Roof Window Glass Helps Keep Homes Cooler In Summer
Author: Yorkshire Roof Windows

14. How To Choose The Right Residential Painting Services
Author: brendanprior

15. Affordable Pest Control Gold Coast You Can Trust
Author: Bug Buster Gold Coast

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: