Pierluigi Paganini
October 30, 2017
Mozilla would remove the Dutch CA, the CA of the Staat de Nederlanden, from its trust list due to the new national legal framework. The Dutch Information and Security Services Act will come into force in January 2018 and one of the main effects of the new legal framework is that country’s certificate authority, CA of the […]
Pierluigi Paganini
July 11, 2017
Google is going to completely ban digital certificates issued by the Chinese CA WoSign, and its subsidiary StartCom starting with Chrome 61. Recently Google warned website owners that it will completely ban digital certificates issued by the Chinese certificate authority WoSign and its subsidiary StartCom. The Tech giant will no longer trust the WoSign certificates starting […]
Pierluigi Paganini
September 30, 2016
Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of severe violations that could impact Internet users. Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of violations, including backdating SHA -1 certificates in order to subvert deprecating certs from being trusted. According […]
Pierluigi Paganini
February 14, 2014
Cybercriminals targeting mobile applications with fake SSL Certificates to run man-in-the-middle attacks against the affected companies and their customers. There is the wrong conviction that SSL certification user can protect users from be tricked to visit a fake website. Netcraft has uncovered numerous attacks based on fake SSL certificates used to impersonate online banking websites, ecommerce , ISPs and […]
Pierluigi Paganini
February 14, 2012
After the attacks against certification authorities such as VeriSign, Comodo and DigiNotar the level of confidence in the model based on certificates is in sharp decline. There is widespread accusations addressed to the PKI paradigm (public key infrastructure ) which is based on the concept to request to trusted and credited third parties to guarantee […]
Pierluigi Paganini
December 15, 2011
2011 was a terrible year for the certification authorities, the number of successful attacks against some major companies reported is really high and totally out of any prediction. Many attacks have had disturbing consequences.It all began, or so we were led to believe, with the case Comodo. Comodo officials revealed that the registration authority had […]
Pierluigi Paganini
December 09, 2011
In this article I intend to read with you an interesting document, distributed by Imperva, in which they emphasized, the main threats that could cause significant problems in the coming year. Please carefully read the entire article, first we discuss the nine threats that worry Imperva, then I will introduce the most dangerous threats from my point of view. Do not spend days where you do not hear of cyber threats, risks and possible defense strategies implemented. Governments but […]
Pierluigi Paganini
November 08, 2011
After the Diginotar case , another certification authority, the dutch KPN has released a statement announcing the termination of their service following the discovery that it has been compromised. KPN stopped issuing certificates after the detection of DDOS Tool on Server during an audit. First investigations have illustrated that the CA has been attacked four years ago. What really scares KPN of the story is that the same company, even before being a CA, is a state telephone company, and this opens up frightening scenarios on the security […]
