Following the news that Google has published a list of certificate authorities that it doesn’t trust, Brian Spector, CEO at MIRACL, comments:
“The fact that Google needs to keep a log of all the dodgy certificates out there shows just how prevalent this problem really is. As we have seen time and time again, any determined and well-funded attacker can keep trying the myriad of commercial certificate authorities until one with lax controls issues a legitimate code signing certificate.
It’s great to see Google making such efforts to protect users. But despite their best intentions, this latest initiative is basically an attempt to patch a problem that can’t be patched. The problem is architectural – it’s based on outdated public key infrastructure that creates a single point of compromise on the internet. The best thing to do is start over with a new system which distributes trust across multiple points. If we do nothing, fake certificates will destroy the trust architecture on the Internet, and once trust is gone, you can’t get it back.”