GoDaddy Revokes 8,850 Wrongly Validated SSL Certificates

Following the news that GoDaddy was obliged to revoke 8,850 SSL certificates as the result of an unspecified software bug, Mark James, IT Security Specialist at ESET commented below.

Mark James, IT Security Specialist at ESET:

mark-james“SSL certificates are used to secure and protect data sent from one computer to another, this may include credit card numbers or other private information you may not want others to read or indeed steal.

If you are using your credit card to pay for items or services on websites then you would normally look for a padlock icon to visually assure you it’s safe and secure. If this system is not working but still displays the visual assurance then you may not be as safe as you think you are.

This may include things like Man-in-the-middle attacks (MITM), this is where someone intercepts the data between you and the server and pretends to be the other thus potentially listening to or harvesting your data or information. If an attacker would have found or taken advantage of the GoDaddy issue they could have technically done any of the above, GoDaddy has revoked the certificate’s to re-issue working ones that will once again enforce its security.”

Information Security Buzz