Wednesday, August 31, 2011
The conceptual problem is that PKI stands on the trust to companies that issue certificates (CA). When there were few CAs and they did their job, everything was fine. As the number of certificates issued increased, CAs started to outsource their work to resellers and lower their cost by automating certificate issuance. So now this kind of problems will happen again and again.
Read the story and today's official statement (which proves my words -- if the computer issuing the certificates would not be connected to network, the trouble would not happen).
Thursday, August 25, 2011
Yipe! While DoS attacks hardly have a 100% working remedy, weakness to some special kind of attack means that another generation of script kiddies to put servers down just for fun.
"Apache Killer" tool spotted in the wild
Friday, August 19, 2011
Trojanized Android app intercepts messages to hide costly subscriptions
Now that is nasty. Note, however, that the user must install the trojan first, and users who don't pay attention to permissions requested by the installed application, probably deserve some lessons.
Tuesday, August 16, 2011
An article about how SSL is misused (or not used at all).
The point is that SSL itself is secure, and it's people whose mistakes and misunderstandings make SSL-protected resources vulnerable.