Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Certificate Authority Hack Points To Bigger Problems: Page 2 of 2

One of the biggest issues to me is to what extent this single breach reaches. The Dutch government was heavily impacted due to its use of DigiNotar for government services. And, of course, any sites or businesses that found themselves on the list of fraudulent certificates will need to ensure they and their customers weren't targeted. There is also speculation that this was an incident of cyberwarfare, as some evidence points to the attacker as being based in Iran.

But what does this mean to businesses? If you do find yourself on the list
of compromised certificates
, you need to do an audit of your access logs and also encourage users and customers to make sure they have updated browsers that are revoking the fraudulent certificates.

For the rest of us, all I can say is to remember that SSL and digital certificates are not a perfect solution. All it takes is one incident like this to show how much Internet security is based on a house of cards.

Hopefully, this incident will lead to some reform of the certificate authority structure. There definitely needs to be more protections in place to make sure that, when this happens again, the response will be quick and effective and the breached authority won't be able to sit on the information like DigiNotar did.

There's an old saying that goes, "Who watches the watchers?" Right now, we need to be asking, "Who certifies the certificate authorities, and who will make sure that our Internet communications are as secure as they can be?"