At least four Certificate Authorities have been compromised in the past four months

http://www.h-online.com/security/ne...-Certificate-Authority-break-ins-1367856.html

 

I actually like the cert system even if it is a bit broken. Whitelisting is kinda cool when used properly, even if it does have some issues.

If certs were tier'd it would work a lot better imo.

Thanks for the article.

 

You're welcome .

 

Just got back from the future. While I was there I was reading an article entitled:

"Worlds first infected motherboard with a signed UEFI secure-boot using a stolen certificate from Authority-X"

I thought that was really interesting so I added an additional 1.21 gigawatts to the flux capacitor and traveled 88 months further into the future. The headlines there read something like:

"Security researchers have discovered that GovernmentAgencyX has been using malware to replace the UEFI on most of the motherboards used by NationY's research facilities. Conspiracy theorists claim the CA willingly gave GovernmentAgencyX the keys."

Unfortunately I am all out of plutonium and Ununpentium so I don't know how the story ends.

-MessageBoxA

 

The problem with this being that not all certificates are considered valid and UEFI would not accept any signed list. Otherwise anyone can self-sign and boot whatever they want.

 

CA I did not know that "Computer Associates" was that popular. Ah! I forgot you are talking about the future. .

Thanks.

 

GlobalSign Says No Evidence of CA Compromise Found

 

Any good ones that weren't hacked?