Originally published: April 13, 2011
The Comodo Group, an Internet security company, has been attacked in the last month by a talkative and professed patriotic Iranian hacker who infiltrated several of the company’s partners and used them to threaten the security of myriad big-name Web sites. But the case is a problem for not only Comodo, which initially believed the attack was the work of the Iranian government. It has also cast a spotlight on the global system that supposedly secures communications and commerce on the Web.
The encryption used by many Web sites to prevent eavesdropping on their interactions with visitors is not very secure. This technology is in use when Web addresses start with “https” (in which “s” stands for secure) and a closed lock icon appears on Web browsers. These sites rely on third-party organizations, like Comodo, to provide “certificates” that guarantee sites’ authenticity to Web browsers. But many security experts say the problems start with the proliferation of organizations permitted to issue certificates. Browser makers like Microsoft, Mozilla, Google and Apple have authorized a large and growing number of entities around the world — both private companies and government bodies — to create them. Many private “certificate authorities” have, in turn, worked with resellers and deputized other unknown companies to issue certificates in a “chain of trust” that now involves many hundreds of players, any of which may in fact be a weak link.
- Defense, Homeland Security jointly respond to cyber attack on Lockheed Martin
- Cyber attackers disrupt Internet in Iran: official
- Hacker Group Claims Responsibility for New Sony Break-In
- Cybersecurity: Time to Act?
- The real Iranian threat: Cyberattacks
- US Guidelines Aim to Bolster Software Security
- Iran moves websites to guard against cyber attacks
- More companies reporting cybersecurity incidents
- A new brand of cyber security: hacking the hackers
- Nations prepare for cyber war
- Key infrastructure often cyberattack target: survey
- VOA Site Hacked By Apparent Iranian Pro-Gov Group
- Create a voluntary cybersecurity certification program
- Computer attack on Iran nuclear program adds urgency to cybersecurity efforts
- Iran Confirms Attack by Virus That Collects Information