In general, channel partners contend that DigiNotar’s rogue SSL disaster indicates an overwhelming and often unbalanced reliance on SSL certificates as a hallmark of security.
“Companies that rely just on SSL -- that’s all that it is. They’re looking at it. They’ve got a check mark. They don’t know that their web site is vulnerable,” said Dennis London, partner and vice president of Fountain Valley, Calif.-based London Security Solutions. “There are too many people relying just on that little check mark.”
“Just seeing that check mark has always been a false sense of security,” Sockol added. “Nothing has changed. Very few people click on that locked icon and validate that it’s their trusted authority.”
London said that while the DigiNotar hack doesn’t necessarily diminish the importance of SSL certificates, the incident underscores the need for organizations to conduct separate and regular vulnerability scans in order to detect security holes or compromises that may have emerged since the SSL certificate was issued.
The issue also provides a conversation starter that allows channel partners to get in the door with their customers by emphasizing the importance of vulnerability scans to pass audits and prevent major security disasters, including rogue SSL certifications, he said.
“If they have externally facing web sites and databases, or if they have to adhere to PCI and HIPAA and any of the other compliance models, they need to have daily scans,” London said. “A lot of people are taking SSLs for granted. This may end up opening their eyes a bit more.”
Meanwhile, DigiNotar is just one of several CAs that have experienced a major compromise in recent months. Earlier this year, hackers targeted the SSL certificate authority Comodo by going after four of its resellers in attacks that enabled them to gain unauthorized access to sensitive data.
During the attack, hackers launched a SQL injection assault that exploited vulnerabilities in a Comodo reseller’s Web site that allowed them to take control of the site’s backend server. The attackers then posted two data files that exposed information related to certificate signing requests, which included employee e-mail addresses, user IDs and passwords.
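The reseller compromise described above hinged on a web application building SQL text out of user input. As an added illustration, not code from the article, from Comodo or from any reseller, the following block shows the concatenated query that lets a crafted input change the meaning of a lookup beside the parameterized form that keeps input as data; the table, rows and user IDs are constructed sample values, and the in-memory SQLite database is a stand-in for whatever backend the reseller site used.

```python
import sqlite3

# Constructed sample records standing in for a reseller's CSR table;
# the addresses and IDs are invented for this example.
SAMPLE_ROWS = [
    ("alice@example.test", "alice", "csr-0001"),
    ("bob@example.test", "bob", "csr-0002"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE csr_requests (email TEXT, user_id TEXT, csr_ref TEXT)")
    conn.executemany("INSERT INTO csr_requests VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, user_id):
    """Vulnerable form: the caller's input is spliced into the SQL text,
    so quote characters in the input are parsed as part of the query."""
    sql = ("SELECT email, user_id, csr_ref FROM csr_requests "
           "WHERE user_id = '" + user_id + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    """Hardened form: a bound placeholder passes the input as a value,
    so the query structure is fixed regardless of what the input contains."""
    sql = "SELECT email, user_id, csr_ref FROM csr_requests WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def compare():
    """Run both lookups with a normal ID and with a quote-bearing input,
    returning the row counts so the difference is visible at a glance."""
    conn = make_db()
    normal = "alice"
    crafted = "x' OR '1'='1"   # constructed test input, not an observed payload
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_crafted": len(lookup_vulnerable(conn, crafted)),
        "parameterized_normal": len(lookup_parameterized(conn, normal)),
        "parameterized_crafted": len(lookup_parameterized(conn, crafted)),
    }


if __name__ == "__main__":
    print(compare())
```

With the constructed data, the concatenated query returns every row for the quote-bearing input, while the parameterized query returns none, because the placeholder makes the whole string a single value to compare against. Parameterized queries (or an ORM that always uses them) are the standard mitigation for the class of flaw the article describes, and a vulnerability scan of externally facing sites, as London recommends, is one way to find the concatenated pattern before someone else does.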
The spate of attacks prompted the company to revoke the signing privileges of all its resellers and implement a two-factor authentication system for them to use.