A blunder by UK business Trustico has resulted in drastic action from RapidSSL, who are immediately revoking 23,000 website certificates around the world. Trustico accidentally emailed out customers' private keys, which are meant to be kept secret at all times, compromising the security of all websites affected. In retaliation, RapidSSL have announced that all of their Trustico certificates will be revoked by the end of today and, unless they are replaced, will render their respective websites useless. Nick Hunter, Senior Technical Manager at Venafi, commented below.
Nick Hunter, Senior Technical Manager at Venafi:
“Bad things are more likely to happen any time an organisation allows a third party to manage their private keys. Organisations need to perform immediate risk assessments of their key and certificate management program, from issuance to revocation – and this incident proves why. The only way to protect yourself from these kinds of situations is to control key generation yourself using an automated, centralized key management solution.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.