Too Trusted to Fail: Attacks on SSL Server Certificate Infrastructure in 2011

Presented by

Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group

About this talk

Two publicly disclosed attacks on the infrastructure for issuing SSL Server Certificates made headlines in 2011, in large part because of evidence that they were part of a state-sponsored effort to hijack the trust of legitimate domain names and thereby gather private or sensitive information from that state's unsuspecting citizens. From the perspective of the countless enterprises that rely upon the global foundation of trust provided by SSL Server Certificates, however, the three key implications should be a renewed preference for top-quality Certification Authorities, a continued shift toward higher-assurance EV SSL Server Certificates, and a higher priority for assessing the risk of current certificate revocation mechanisms.

What separates "Best-in-Class" (top 20%) organizations from their "Industry Average" (middle 50%) and "Laggard" (bottom 30%) counterparts when it comes to various topics in IT Security? Aberdeen's unique, fact-based approach to market research provides a framework for end-user organizations to benchmark their own strategies, capabilities and use of enabling technologies against companies with top performance. Areas of coverage in Aberdeen's IT Security practice include topics in Identities and Access, Data Protection, IT Infrastructure Security (including Endpoints, Delivery Platforms, Applications and Databases, Networks, and Storage), Physical Infrastructure Security, Policies, and Security GRC (Governance, Risk Management, and Compliance). Complimentary access is provided to the full benchmark research reports, for a limited time after initial publication.