http://www.computerworld.com/s/article/9224082/Trustwave_admits_issuing_man_in_the_middle_digital_certificate_Mozilla_debates_punishment By Lucian Constantin IDG News Service February 8, 2012 Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox. The certificate issued by Trustwave is known as a subordinate root and enabled its owner to sign digital certificates for virtually any domain on the Internet. The certificate was to be used within a private network within a data loss prevention system, Trustwave said in a blog post on Saturday. The CA took steps to ensure that the subordinate root could not be stolen or abused. The certificate was stored in a Hardware Security Module, a device built specifically for the management of digital keys, which ensured that its extraction was impossible, Trustwave said. The company also performed on-site physical security audits to make sure that the system can't be removed from the premises and used to intercept SSL-encrypted (Secure Sockets Layer-encrypted) traffic on another network. [...] _____________________________________________________ Did a friend send you this article? Make it your New Year's Resolution to subscribe to InfoSec News! http://www.infosecnews.org/mailman/listinfo/isnReceived on Thu Feb 09 2012 - 00:18:26 PST
This archive was generated by hypermail 2.2.0 : Thu Feb 09 2012 - 00:24:42 PST