Digicert is a GLC, right?
maybe their role is now the same as grca
grca is a good idea, but my concern is the capability of the
people/person/experts handling such a very critical agency/entity
(who/how/why)
yes u can do a mitm attack (fake site that looks like the real one), malware/virus
with a signed driver and many more types of attack
there is a more concerning impact from this event, *"CA issued 512-bit
RSA key!!!"* ... it sounds (sorry to say) dumb/stupid/silly ... 512-bit
RSA was factored a long time ago ... 22 August 1999 to be precise (refer:
http://www.rsa.com/rsalabs/node.asp?id=2098)
remember this: "in security, once a silly mistake has been made, there will
be others coming ... if not today, there will be tomorrow" - jep
site:digicert.com.my intitle:"Index of /"
On 11/5/2011 9:27 AM, Harisfazillah Jamel wrote:
Should gov.my take control of their own SSL/TLS certs?
The danger of man-in-the-middle attacks using false certs.
http://tech.slashdot.org/story/11/08/30/0253254/another-ca-issues-false-certificates-to-iran
On Sat, Nov 5, 2011 at 1:24 AM, jep <[email protected]> wrote:
sad but true :(~
i bet u all can imagine the impact if "sakai²" I.T (not skiddies or lame
defacers) know how to take the opportunities from this event/news
hint: bigger picture is big, the box is small
On 11/4/2011 8:25 PM, Hazrul Hamzah wrote:
Somehow I do think that responding to incidents is not our forte.. Sad
though ;)
On 04/11/2011 20:00, Adli Abdul Wahid wrote:
And until now, there's no official response from them.
- adli
On Fri, Nov 4, 2011 at 6:33 PM, Ang Chin Han <[email protected]> wrote:
It has deeper implications than that:
http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
http://blogs.technet.com/b/msrc/archive/2011/11/03/untrusted-certificate-store-to-be-updated.aspx
http://code.google.com/p/chromium/issues/detail?id=102530
_______________________________________________
OWASP-Malaysia mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-malaysia
OWASP Malaysia Wiki
http://www.owasp.my
OWASP Malaysia Facebook
http://www.facebook.com/OWASP.Malaysia
OWASP Malaysia Twitter #owaspmy
http://www.twitter.com/owaspmy