Following the news that Google has published a list of certificate authorities that it doesn’t trust, Brian Spector, CEO at MIRACL, comments:
“The fact that Google needs to keep a log of all the dodgy certificates out there shows just how prevalent this problem really is. As we have seen time and time again, any determined and well-funded attacker can keep trying the myriad of commercial certificate authorities until one with lax controls issues a legitimate code signing certificate.
It’s great to see Google making such efforts to protect users. But despite their best intentions, this latest initiative is basically an attempt to patch a problem that can’t be patched. The problem is architectural – it’s based on outdated public key infrastructure that creates a single point of compromise on the internet. The best thing to do is start over with a new system which distributes trust across multiple points. If we do nothing, fake certificates will destroy the trust architecture on the Internet, and once trust is gone, you can’t get it back.”