At least four Certificate Authorities have been compromised in the past four months

Discussion in 'other security issues & news' started by MrBrian, Oct 27, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I actually like the cert system even if it is a bit broken. Whitelisting is kinda cool when used properly, even if it does have some issues.

    If certs were tier'd it would work a lot better imo.

    Thanks for the article.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).
     
  4. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    Just got back from the future. While I was there I was reading an article entitled:

    "Worlds first infected motherboard with a signed UEFI secure-boot using a stolen certificate from Authority-X"

    I thought that was really interesting so I added an additional 1.21 gigawatts to the flux capacitor and traveled 88 months further into the future. The headlines there read something like:

    "Security researchers have discovered that GovernmentAgencyX has been using malware to replace the UEFI on most of the motherboards used by NationY's research facilities. Conspiracy theorists claim the CA willingly gave GovernmentAgencyX the keys."

    Unfortunately I am all out of plutonium and Ununpentium so I don't know how the story ends.

    -MessageBoxA
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The problem with this being that not all certificates are considered valid and UEFI would not accept any signed list. Otherwise anyone can self-sign and boot whatever they want.
     
  6. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    CA I did not know that "Computer Associates" was that popular. Ah! I forgot you are talking about the future. :D.

    Thanks.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Any good ones that weren't hacked?
     
Loading...
Thread Status:
Not open for further replies.