Short Bytes: Earlier this month, a new set of minimum security requirements for Certificate Authorities was announced. This change, along with some major developments related to CAs and online security, is fueled by a 2011 hack that affected about 300,000 Iranian internet users and the Dutch Certificate Authority DigiNotar.
Back in 2011, the Google emails of as many as 300,000 Iranian netizens were intercepted using fraudulent security certificates. Google responded to these reports of attempted SSL man-in-the-middle attacks.
However, because Google Chrome was able to detect the fraudulent certificate and didn’t load the fake website, the users were protected from the attack. The findings indicated that the incident was the result of a hack against the Dutch Certificate Authority DigiNotar.
Between 10 July and 20 July, the hackers compromised DigiNotar and issued 531 rogue SSL certificates for Google, Skype, and Mozilla add-ons and domains.
This compromise was used to spy on Iranian internet users. Fox-IT, the security firm hired by the Dutch government to examine the breach, found numerous security shortcomings at DigiNotar that allowed the hack to take place. Its servers ran out-of-date software, and its network was poorly segmented. Also, the passwords weren’t strong enough.
Since 2011, Certificate Authorities (CAs) and browsers have made significant progress. While the DigiNotar hack might be forgotten, it was a wake-up call for the industry. Since then, certificate pinning has become more common. Another initiative, Certificate Transparency, has been launched to make all valid certificates publicly accessible.
In a recent step to improve trust in the internet infrastructure, a set of new minimum security requirements for CAs like DigiNotar was announced by the CA Security Council (CASC). These requirements are the first-ever standardized code signing guidelines. Microsoft is the first software vendor to adopt them, and others are expected to join the cause.