A new cyber enemy has just landed

  • Team Omega
  • December 16, 2014

The latest in cyber security is unauthorized https certificates originating from known name authentic vendors! How does this happen? What can you do to prevent it?

Online digital certificates are used by Web servers for identification purposes and to encrypt traffic between the server and user. The certificates are for security reasons and help prevent unauthorized communications from and to a site. So, when the certificate itself is a counterfeit, the criminal can obtain easy access to all the information that passes back and forth to a browser. This of course can result in all types of criminal activities.

Forged certificates can allow an attacker to spy on information sent between a Web server and a browser even though the connection appears to be secure. A write-up on TechTarget says, “In a recent incident, unauthorized digital certificates for a number of Google’s domains were issued by the CA National Informatics Centre of India (NIC) when its issuance process was compromised. Google quickly blocked the unauthorized certificates in Chrome by issuing a CRLSet. India CCA later revoked all the NIC intermediate certificates, and another CRLSet push was performed to include that revocation.”

Here is what the article recommends. “Browsers base trust decisions on the inclusion of roots of trust in a root store, so the best way for enterprises to safeguard their users from malicious certificates is to ensure that browsers are kept up to date with current certificate trust lists. Turning on certificate revocation checking in a browser is not that efficient at establishing whether a certificate is still valid and tends to slow down page-load times considerably. A better option is using a firewall that can deep-scan SSL-encrypted traffic to sniff out fake certificates or malicious code. Security teams should also monitor security news feeds and delete untrusted root certificates from the root store manually before updates become available if the risk to a network is deemed unacceptable. Instructions to remove a root and clear the local cached CTL across an enterprise network can be issued via Group Policy.”

For more details, read the entire article on searchsecurity.techtarget.com.