
SourceSecurity.com

Venafi announces availability of report on need for enterprises to deploy management solutions

“‘Despite the frequent and disruptive certificate authority (CA) compromises and the resultant digital certificate trust issues for those CAs, we are continually surprised to find that IT security teams are unaware of and unprepared for the consequences of poorly managed X.509 certificates. Organisations are using large numbers of certificates to encrypt and protect information and authenticate systems to one another – in their data centers, private clouds and now on mobile devices. What’s amazing is how few know how many certificates are installed and in use, when they are going to expire, or who the issuing CAs are,’ said Jeff Hudson, Venafi CEO.”

February 13th, 2012
 

Credit Union Times

Hackers Targeting Certificate Authorities

“These organizations know that they are high-value targets and take extraordinary measures to protect themselves, and yet they are still successfully attacked and breached despite these best efforts. If a certificate authority is compromised or an encryption algorithm is broken, organizations must be prepared to replace all of their certificates and keys in a matter of hours. The problem is this: few organizations have an automated management platform that gives them the power to replace compromised certificates quickly. Instead, replacing known and compromised certificates is largely a manual effort.”

February 13th, 2012
 

Infoboom

Digital Certificate Authority Trustwave in Trouble After Snoop Certificate Issued

“The company also made sure to clarify again that they issued the certificate for a private internal corporate network and not a government agency, Internet service provider (ISP), or any law enforcement agency. Unfortunately, even the idea that such a certificate could exist and be used with such a broad scope has added fuel to the fire. Calum MacLeod of certificate and digital key management company Venafi says that issuing certificates similar to the one signed by Trustwave is ‘a common industry practice,’ and that ‘just because Trustwave did not issue a subordinate root certificate to a government, an ISP or a law enforcement agency, does not mean that other CAs haven’t done so.’”

February 10th, 2012
 

CIO Magazine

Trustwave admits issuing man-in-the-middle digital certificate, Mozilla debates punishment

“Trustwave defended itself by saying that the issuing of subordinate roots to private companies, so they can inspect the SSL-encrypted traffic that passes through their networks, is a common practice in the industry. However, the CA decided to stop issuing such certificates in the future and revoke the existent ones. ‘I would say that Trustwave should be commended for making this statement public, knowing that this could result in reputational damage,’ said Calum MacLeod, director for the EMEA region at Venafi. ‘I believe it is commendable that they will no longer continue this practice, but the reality is, in my opinion, that this is a common industry practice.’”

February 9th, 2012
 

ARN

Trustwave admits issuing man-in-the-middle digital certificate, Mozilla debates punishment

“Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network. Calum MacLeod, director for the EMEA region at Venafi, pointed out that just because Trustwave did not issue a subordinate root certificate to a government, an ISP or a law enforcement agency, does not mean that other CAs haven’t done so. ‘Maybe it’s time websites carried the same message as the telephone service; this session may be recorded!’”

February 9th, 2012
 

Global Security Mag

Venafi: Why are the Hackers Targeting Certificate Authorities and what can you do about it?

“If companies that pride themselves on providing the most advanced and sophisticated network security solutions can’t protect themselves, how can they look after us? DigiNotar was so seriously damaged that it went out of business—an unprecedented event in the IT security industry. Hackers have been targeting and breaching high-value targets like RSA, Comodo, and DigiNotar – the news that VeriSign was compromised should not be a surprise to anyone. The inescapable conclusion is that these providers will continue to be compromised. What we have to do is learn how to anticipate these criminal attacks and prevent them.”


February 8th, 2012
 

PCWorld

Trustwave Admits Issuing Man-in-the-middle Digital Certificate, Mozilla Debates Punishment

“Trustwave might have taken significant steps to ensure that its subordinate root will not be abused, but this is not necessarily true for all cases where companies make use of this technique. ‘In the vast majority of enterprises today, there is little or no control over the security and management of private keys,’ said Calum MacLeod, director for the EMEA region at Venafi. ‘In most cases, the private keys are not being protected, and system administrators are handling keys manually.’”

February 8th, 2012
 

Vigilance Security Magazine

Venafi hosts resource for market education and industry best practices

“Venafi today announced the availability of a report on the critical need for enterprises to deploy automated certificate discovery and management solutions. The report—X.509 Certificate Management: Avoiding Downtime and Brand Damage, published Nov. 4, 2011, by leading research firm Gartner—highlights the time, cost and vulnerabilities associated with manually reviewing and managing security certificates. The report analyzes current manual techniques, discusses methods for remediating resulting problems, and underscores the need to protect enterprise assets by automating certificate management.”

February 7th, 2012
 

eWeek

VeriSign Breach Not A Surprise, Attackers Target Everyone

“Companies get breached. That’s the lesson of 2011. Large or small, no organization is immune to attacks. High-value targets that specialized in technologies that are extensively used to authenticate and create trusted relationships online have been compromised recently, such as RSA Security, Comodo and DigiNotar, said Jeff Hudson, CEO of Venafi. These organizations are aware that they are targets and take measures to protect themselves, he said. Not only does it mean breaches cannot be stopped, organizations need to start thinking about not relying on only one provider or technology.”

February 4th, 2012
 

Global Security Mag

Venafi: Has The VeriSign Certificate Authority Been Hacked?

“Yesterday evening, the news that VeriSign had been hacked in 2010 hit the newswires, and it seems that today in many organizations, CSOs and other senior security staff are being asked to explain to their executives the implications of this. VeriSign said it was a frequent subject of ‘the most sophisticated form of attacks,’ including some that are ‘virtually impossible to anticipate and defend against.’ What this, if anything, should drive home to any organization is that everyone is a potential victim, and that Certificate Authorities are the focus of attacks. Ultimately it is not SSL that’s broken, but the management of SSL in large enterprises.”

February 3rd, 2012