secure Hive News Article 11

Secure Hive Ltd

Secure Hive Info

Business Finder

Shopping Mall

Car Buyer Guide

Mission Statement

Jobs at Secure Hive

Menu

» Secure Hive Info
» Business Finder
» Shopping Mall
» Car Buyer Guide »Purchase Secure Hive
» Mission Statement
» Jobs at Secure Hive

Contact

Secure Hive Ltd

1 Percy Lonnen,

Castle Fields,

Prudhoe, Northumberland,

NE42 5QU

Ph: 01661 833627

sales@securehive.com

Company No.

05300489

Reg England and Wales

VAT registration NO.

873 4512 16

All prices quoted are subject to VAT or Country Tax if applicable..

Northumberland Search Engine

[Secure Hive LTD].


Security Breach Of The Week: Groupon's Sosasta
	06.30.11

Security Breech of the Week: Citigroup
	2011-06-16

LulzSec Disbands, Apple Site Attacked And Fox Twitter Account Hacked
	07.07.11

Security Breach Of The Week: 237,234 Records Breached: Operation AntiSec Continues, Operation Green Rights Begins
	07.14.11

Independent Review of Secure Hive By Bravofiles
	07.24.11

	Back to Home for More Articles

Welcome! to Secure Hive

The Internet Taken By The Horns: WikiLeaks, Certificate Authorities, And Apache

Joe Purcell
Staff Writer securitypronews

The internet is a universe of information. Just like in reality, not everyone is permitted to go wherever they like, thus, we have military, fences, and signs that say "Employees Only". On the internet we just have Certificate Authorities (CA), usernames, and passwords. While WikiLeaks' complete database was released, the internet has been taken by the horns with the breach at the CA DigiNotar and security vulnerabilities in Apache and other software.

The full WikiLeaks database of 250,000 diplomatic cables is now released. It can be found on sites like cryptome.org. According to an interview between NewScientist and Julian Assage, there was a secure arragnement between the Guardian and WikiLeaks for them to have access to the cables in order to do journalism. Long story short, the credentials for accessing the cables was leaked. The Guardian has its own story that involves Assange telling them that the password would expire. WikiLeaks tweeted, "It is strictly false that the Guardian was told the password or file were temporary, hence the elaborate password handover method."

Nonetheless, it alll resulted in WikiLeaks publishing the entire cables in order to minimize the amount of harm that could be done. Having the information public allows for those who might do harm and those who might be harmed to have the same information. The second reason, Mr. Assange states, was that there is now a reliable source for the cables. Knowing that the cables were released, but without a sound source allows for people to claim authenticity. There have already been stories published in other countries that were based on manufactured cables. Mr. Assange appeared on 60 Minutes with CBS and the release of the cables will have enormous implications for the future.

Another earth shaking event was the breach last month of a Duth Certificate Authority, DigiNotar, which was just made public. Certificate Authorities are very little understood. An article "The Internet's Secret Back Door" by Danny O'Brien published last year explains how these Certificate Authorities work and the reason they were implemented. Essentially, SSL certificates are the way that a user knows the authenticity of the site they are viewing, which is worse than the recent DNS attacks since certificates are expected to be secure. Some 531 false certificates were released last month, and according to a nakedsecurity post the false certificates were used by the Iranian government to spy on secure communications in their country. The Tor Projects' website has a list of all rogue certs, which shows that false certificates were issued for websites such as Facebook, Twitter, Microsoft, and Google.

Continue reading this article.

More Information and trial copies of Secure Hive Click Here!