summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey Matveev <stargrave@stargrave.org>2017-07-13 11:07:19 +0300
committerSergey Matveev <stargrave@stargrave.org>2017-07-13 11:07:19 +0300
commitd722fb300a046783c9bf7bec055c18dcb828f8ee (patch)
tree4b825dc642cb6eb9a060e54bf8d69288fbee4904
parente92c0325dcd26f3d85024ad6ee3d72d493c6afc5 (diff)
Компрометация известных не китайских CA
Недавно были новости о том что WoSign и StartCom все из себя плохие CA и их отзывают и не доверяют (c1d991e20528f6b0e84b06cda975543a69a502d2). Вот тут кое какой список нашёл о том что куда более крупные и известные CA совершали куда более серьёзные нарушения и факапы, но им ничего за это не было: https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom Symantec Issues Rogue EV Certificate for Google.com https://threatpost.com/fraudulent-certificate-google-domains-found-after-mistake-turkish-ca-010313/77361/ Fraudulent certificate for Google domains found after mistake by turkish CA https://defcon.org/images/defcon-17/dc-17-presentations/defcon-17-zusman-hacking_pki.pdf https://www.cnet.com/news/microsoft-warns-of-hijacked-certificates/ VeriSign issues two digital certificates in the software giant's name... https://en.wikipedia.org/wiki/Diginotar#Issuance_of_fraudulent_certificates On July 10, 2011, an attacker with access to DigiNotar's systems issued a wildcard certificate for Google. https://en.wikipedia.org/wiki/Comodo_Group#2011_breach_incident In 2009 Microsoft MVP Michael Burgess accused Comodo of issuing digital certificates to known malware. https://en.wikipedia.org/wiki/Comodo_Group#2011_breach_incident On March 23, 2011, Comodo posted a report that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine certificate signing requests.
0 files changed, 0 insertions, 0 deletions