Digital Certification Authority Suffers Security Breach

Recently, StartCom, which issues StartSSL digital certificates, suffered a security breach. Earlier in the year, another certification authority, Comodo, faced a security breach at some of the company's registration authorities. All major Internet browsers, such as Internet Explorer, Firefox and Chrome, accept StartSSL certificates. StartCom has suspended issuance of digital certificates following the security breach.

The earlier attack on Comodo registration authorities affected domains such as login.live.com, mail.google.com, google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and global trustee. Developers of web browsers blacklisted the fraudulent certificates after the security breach at Comodo. Attackers reportedly sought certificates for many of the same websites in the latest security breach. However, preliminary investigations do not indicate that attackers gained access to any certificates or sensitive information. A notice on StartCom's website says that users of valid web certificates remain unaffected by the breach. Similarly, visitors to websites holding StartSSL certificates also remain unaffected by the security breach.

Attackers may use drive-by attacks to entice users to visit websites with fraudulent certificates. The fraudulent sites may appear strikingly similar to legitimate sites. Alternatively, the web address may look similar to that of a legitimate site, leading users to trust the authenticity of the site. Attackers may use such sophisticated techniques to extract login credentials or financial details, or to download malicious files onto users' computer systems.

Cyber-attackers are constantly devising new techniques and approaches to defraud users, infect their computer systems or extract sensitive personal or financial information. Regular evaluation of the network infrastructure is crucial to combat the ever-evolving security threats.
Professionals qualified in masters of security science and penetration testing may help in timely identification and remediation of security lapses. Penetration testing helps organizations identify potential attack vectors, and helps information security professionals initiate mitigating measures before attackers exploit security flaws. Security certifications and online university degree programs could enable IT professionals to update their skill sets and technical know-how to deal effectively with emerging security threats. Workshops, seminars, online degree and e-learning programs may help employees understand security issues in the Internet environment. Regular updates on the latest security threats may help foster a security-conscious culture in the organization.
Jun 21, 2011