Certificate Attacks on Google

Like many of you involved in security, I have been following the recent news about the recent compromise of a Dutch certificate authority (presumably by the government of Iran, but not proven). There was a brief piece earlier in the New York Times (click here). You also can find a great explanation and exposition of exactly what happened and what it means in this blog post.

Yes, the Internet is a very scary place.

UPDATE:

Here are some additional articles that shed some more light on the risks and what you need to know:

• If you read nothing else, please read this post (click here) from my colleague, Morgan Tremper. As he says, "Far and away, the most essential method for staying ahead of threats to your security is fixing the problems that the industry already knows about." A very clever man is our Morgan. What Morgan points out is that there is something you can do to protect yourself, but you (and all your users) have to *do* it!

• "The disturbingly complete compromise of DigiNotar, the Dutch certificate authority, has broad ramifications for other CAs, enterprises and consumers who rely on the shaky web of trust that comprises the CA system. Here's what you should know about the attack and what you can do to protect yourself against intrusions resulting from it." (Click here to read more) .

• "The details of the attack on DigiNotar that began to leak out on Monday have gotten uglier by the day as more and more researchers have looked into the compromise and the depth of the problem became clear." (Click here to read more).

Happy reading on this holiday weekend.