To some, these incidents illustrate a core flaw in the system. "There are a very large number of certificate authorities that are trusted by everyone and everything," Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, told CNET after one of the attacks. "We have 1,500 master certificates for the Web running around. That's 1,500 places that could be hacked." Echoing the concerns, Mike Zusman of Web app security firm Intrepidus Group said at the time of the attacks: "These organizations act as cornerstones of security and trust on the Internet, but it seems like they're not doing basic due diligence that other organizations are expected to do, like the banks."
Thursday, August 23, 2012