Last week it was found that DigiNotar, a Dutch Certificate Authority (CA), had issued a rogue SSL certificate for “*.google.com”. Hackers apparently used the fraudulent certificate to intercept Iranian users’ email, among other items. The attack went undetected by the users because their browsers trusted the DigiNotar certificate. A third-party trust provider represents an extremely high value target for hackers. Once an attacker can access and steal trust credentials, they can commit various cyber-criminal acts in pursuit of their own nefarious agenda.
- BILL BOYLE
- InfoSecurity
- Posted On