Too Trusted to Fail: Attacks on SSL Server Certificate Infrastructure in 2011
Two publicly disclosed attacks on the infrastructure for issuing SSL Server Certificates made headlines in 2011 â in large part based on the evidence that they were part of a state-sponsored effort to hijack the trust of legitimate domain names, and thereby gather private or sensitive information from its unsuspecting citizens. From the perspective of the countless enterprises that rely upon the global foundation of trust provided by SSL Server Certificates, however, the three key implications should be a renewed preference for top quality Certification Authorities, a continued shift toward higher assurance EV SSL Server certificates, and a higher priority for assessing the risk of current certificate revocation mechanisms.
- Presenting
- Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group
- Channel
- Aberdeen Group / IT Security
- Date
- Oct 25 2011
- Duration
- 00:22
- Tags
- EV, SSL, Server Certificates, Extended Validation
Flash is required to view this webcast/channel:
You need version 9.0.115.0 or later of the free Flash player from Adobe
to use this content. To download and install the free player from Adobe's web site
click here.
