Security Pros Predict Major CA Breach Within Two Years

  • September 9, 2015

Jasper_The_Rasper
Moderator
9 Sep 2015  By Phil Muncaster
 
Most IT security professionals believe there will be a major Certificate Authority breach within the next 24 months, yet most are unprepared to respond to such a compromise, according to new Black Hat research from Venafi.
 
The digital cert security firm interviewed attendees at this year’s show in Las Vegas to compile its report: IT Security Professionals Know the Risk of Untrusted Certificates and Issuers, but Do Nothing.
 
It revealed that 90% think a leading CA will be breached in the next two years, in the manner of DigiNotar, yet 57% would be unprepared to deal promptly with it. Even worse, 30% either did not know what they would do or would continue using the same CA in such an event.
 
Full Article

3 replies

Jasper_The_Rasper
Moderator
Posted on 09 September 2015.

A Venafi survey of 300 Black Hat USA 2015 attendees reveals that most IT security professionals understand and acknowledge the risks associated with untrustworthy certificates and keys, but take no action. The survey also reveals that some information security pros don’t understand what security services CAs do and do not provide.

http://www.net-security.org/images/articles/venafi-092015.jpg

Full Article

  • Community Guide
  • September 9, 2015
If the IT professionals know there is going to be a breach and do nothing!!! They need to wake up and smell the coffee and get with it... security on this issue is important.

  • Community Guide
  • September 10, 2015
By: Sara Peters
 
Security departments could take measures to protect organizations from untrusted certificate authorities and counterfeit SSL certs, but most don't bother.
 Despite worries about counterfeit certificates and man-in-the-middle attacks on SSL communications, many security professionals are doing little to protect their organizations from the dangers of untrusted certificates and certificate authorities (CAs), according to new research by Venafi.
Venafi surveyed 333 attendees to the Black Hat USA conference in Las Vegas last month about their perceptions and practices regarding CAs, the arbiters of online trust, which themselves may not always be trustworthy.
One of the most recent events jeopardizing the sanctity of certificates happened in March, when MCS Holdings, an intermediary for the China Internet Network Information Center (CNNIC) CA, began issuing unauthorized certificates for Google domains (which could be used for man-in-the-middle attacks). Google responded by removing CNNIC from Chrome's list of trusted root CAs; Mozilla also refused to accept CNNIC certificates issued before April 1.
 
full article