
Four CAs Have Been Compromised Since June

Trailrunner7 writes "The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public."

  • by SydShamino ( 547793 ) on Friday October 28, 2011 @04:17PM (#37873238)

    Short of the companies wanting to do the good/legal thing, how do you get them to make it public if it quickly puts them out of business? This is the same problem as with any security breach, except aggravated because the CAs basically have just five "customers" (the five major browsers), all of which compete in the realm of being the "safest" and so all five have to pull the root certificate for anyone who announces a problem.
