
Hacker Stole Multiple SSL Certificates Belonging To Some Of The Web's Biggest Sites, Including Googl


Discussion of SSL certificates and the security of internet communication has surfaced following the recent SSL certificate theft. Some criticized Mozilla's silence; others believed that the delay in disclosing the theft of the digital certificates put certain lives at risk. What is certain is that the incident presented a new threat model for information security professionals.
An Iranian hacker claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, including Google, Microsoft, Skype and Yahoo. On March 15, hackers stole nine SSL certificates from a Comodo certificate reseller. Comodo said at least one of the certificates, for logon.yahoo.com, was used to legitimize a fake Yahoo site hosted by an Iranian ISP (Internet service provider). None of the browser makers went public with the Comodo hack or the existence of the rogue certificates before March 22.
"We didn't, however, model for attack from a foreign government. Our security was good in that we picked up the attack and shut it down quickly, but we should have covered this threat model," Comodo's chief executive Melih Abdulhayoglu said.
SSL certificates rest on the premise that the issuing body is credible. Organizations such as Verisign, Thawte, Equifax, Entrust, GlobalSign, RapidSSL and Comodo promote themselves as sophisticated, guarded operations that can be trusted to issue certificates.
While Comodo deserves credit for admitting what happened, the fact that part of its system used to issue SSL certificates was compromised by a third party gaining access to a login and password will raise serious concerns for the firm and its customers.
Appelbaum told Mozilla that the attack was not a normal attack. Disclosure does not allow anyone else to perform this attack. Only the attacker with the certificate is able to take advantage of this situation. Only the attacker will benefit from a delay.
Abdulhayoglu described three clues to the attacker's origin. Firstly, the targets chosen were not financial companies but core internet infrastructure sites.
Secondly, in order for the certificates to be of any use, access to the domain name system infrastructure would have been required.
Finally, the attack was very well orchestrated and "too clean". It did not bear the hallmarks of criminal attacks the company had experience with in the past, according to Abdulhayoglu.
"You can't be 100 per cent certain," he said. "But if it looks like a duck, and quacks like a duck, then it probably is a duck."
This recent theft incident goes to show that even SSL certificates are not foolproof for ensuring the security of communications on the Internet.
It is critical that organizations perform penetration testing more frequently, before hackers attack. Organizations involved in online transactions, which allow inbound connections and potentially expose customer information, should be especially concerned. They have to either go through a consultant or hire information security professionals with advanced skills and knowledge in penetration testing.

Information security professionals can increase their penetration testing knowledge and skills by enrolling in highly technical and intensive information security training that focuses on attacking and defending highly secured environments. EC-Council has launched the Center of Advanced Security Training (CAST) to address the lack of highly technically skilled information security professionals. CAST will provide a highly advanced technical security training called the Advanced Penetration Testing training (APT). This highly sought-after and advanced information security course will be offered at all EC-Council hosted conferences and events, and through specially selected training partners. The launch classes for CAST will be at the upcoming TakeDownCon Dallas, from May 15-17, 2011.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, Licensed Penetration Tester (LPT) program and various other information security training programs offered in over 60 countries around the globe. EC-Council has trained over 80,000 individuals in technical security training and certified more than 30,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST) to address the lack of highly technically skilled information security professionals. www.eccouncil.org.
