W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Cert Authorities, Security, etc. -- another anecdote

From: Noah Mendelsohn <nrm@arcanedomain.com>
Date: Wed, 10 Dec 2014 11:43:35 -0500
Message-ID: <54887837.9030807@arcanedomain.com>
To: "www-tag@w3.org" <www-tag@w3.org>
Another anecdote for the TAG to consider as it wrestles with issues 
relating to identity, security and the switch to HTTPs:

http://threatpost.com/new-version-of-destover-malware-signed-by-stolen-sony-certificate/109777

In short, hackers (famously) arranged a massive penetration of Sony's 
network. While there, they apparently stole copies of the keys needed to 
sign software for use with Sony's CA-authorized certificate, and...they 
went and signed a version of the very software they had used to achieve the 
breakin in the first place.

Noah
Received on Wednesday, 10 December 2014 16:44:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC