Hackers
have hacked into 3 companies which are known as Certificate Authorities
or CAs. These companies issue Digital Certificates and work with
various web browsers to ensure that what you open is the real website
and not a phishing page or fake page.
However, a Hacker hacked into a CA name DigiNotar this summer and began creating hundreds of fake certificates which can be used to make fake sites look legitimate.
Unable to deal with the large fallout, the company recently closed shop and filed for bankruptcy. 2 More Digital certificate issuing companies - Comodo & GlobalSign were hacked around the same time. This exposes the large security weakness in the current system in place.
"The infrastructure baked into the Internet, which is based on trust, is starting to fall apart," said Michael Sutton, Vice president of Research at a security firm. "If somebody can issue faked digital certificates, it throws the entire process into chaos."
These Digital certificates offer secure encrypted communication between the user's web browser and the server operating the website. Hence, sniffing is not possible. People often check these certificates to ensure that a website is legitimate and not fake.
The hacker that gained access to DigiNotars system issued around 531 digital certificates for fake websites, impersonating online properties of internet bigwigs including Google, Skype, Microsoft, Twitter, Equifax, Facebook, & the CIA.
These fake pages were mainly used to gather sensitive data from individuals.
"No banks or payment service websites were targeted" says Mikko Hypponen, from anti-virus firm F-Secure.
Only Personal Data, Login Credentials were collected resulting in non-financial gains, possibly political reason.
Fake Google Web site were being used to track around 300,000 users in Iran alone. "I'm most concerned about disruption as a motive," says Roel Schouwenberg, from Kaspersky. "I'm talking about cyberwar, but even more so about hacktivism."
Google spokesman Jay Nancarrow noted that Google's Chrome browser detected one of the fake certificates "that ultimately led to the revelation of the DigiNotar compromise."
The pressure is now on CAs worldwide to make themselves more hack-proof. And for the browser makers to do more to identify and quickly eradicate counterfeit certificates and fake Web pages, security experts say.
"The security of the Web is our collective responsibility," says Johnathan Nightingale, Mozilla's director of Firefox engineering. "To improve it, we need a continuing, and open, dialog supported by focused action."
Contact => www.facebook.com/ryan.manjothi
However, a Hacker hacked into a CA name DigiNotar this summer and began creating hundreds of fake certificates which can be used to make fake sites look legitimate.
Unable to deal with the large fallout, the company recently closed shop and filed for bankruptcy. 2 More Digital certificate issuing companies - Comodo & GlobalSign were hacked around the same time. This exposes the large security weakness in the current system in place.
"The infrastructure baked into the Internet, which is based on trust, is starting to fall apart," said Michael Sutton, Vice president of Research at a security firm. "If somebody can issue faked digital certificates, it throws the entire process into chaos."
These Digital certificates offer secure encrypted communication between the user's web browser and the server operating the website. Hence, sniffing is not possible. People often check these certificates to ensure that a website is legitimate and not fake.
The hacker that gained access to DigiNotars system issued around 531 digital certificates for fake websites, impersonating online properties of internet bigwigs including Google, Skype, Microsoft, Twitter, Equifax, Facebook, & the CIA.
These fake pages were mainly used to gather sensitive data from individuals.
"No banks or payment service websites were targeted" says Mikko Hypponen, from anti-virus firm F-Secure.
Only Personal Data, Login Credentials were collected resulting in non-financial gains, possibly political reason.
Fake Google Web site were being used to track around 300,000 users in Iran alone. "I'm most concerned about disruption as a motive," says Roel Schouwenberg, from Kaspersky. "I'm talking about cyberwar, but even more so about hacktivism."
Google spokesman Jay Nancarrow noted that Google's Chrome browser detected one of the fake certificates "that ultimately led to the revelation of the DigiNotar compromise."
The pressure is now on CAs worldwide to make themselves more hack-proof. And for the browser makers to do more to identify and quickly eradicate counterfeit certificates and fake Web pages, security experts say.
"The security of the Web is our collective responsibility," says Johnathan Nightingale, Mozilla's director of Firefox engineering. "To improve it, we need a continuing, and open, dialog supported by focused action."
Contact => www.facebook.com/ryan.manjothi
Posts
0 comments:
Post a Comment