Trust Guard Responds to Reports of Yet Another SSL Certification Company Breach, Warning Customers to Avoid Sites Without Layered Security

Share Article

Dave Brandley addresses hack reports as the vulnerabilities of the SSL system are brought to the world’s attention once again as hackers breach StartCom, the company behind StartSSL. He urges customers to take precaution.

News Image
Security must be layered, an SSL Certificate along with website security scanning is the only way to go for constant protection

Trust Guard addresses website security as the vulnerabilities of the SSL system are brought to the world’s attention once again. Hacker reports buzz about the recent breach at StartCom, the company behind StartSSL, and Trust Guard sends warning to their customers about the need to take caution.

According to E-Week Europe, StartSSL, the certificate authority which is trusted by major browsers, Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox, has suffered a recent attack. Hackers broke into their system a week ago, assuming with the intention of creating forged certificates, which could allow them to reportedly fake the "authentication pages" of websites.

Dave Brandley, co-founder of Trust Guard, a leading website security company, believes it’s part of the risk of the SSL system, “There are many misconceptions of the SSL Certificate. People like to think an SSL Certificate makes a website safe, when in fact SSL has nothing to do with a website’s security. An SSL certificate only protects data in motion, but people get the idea that when they see that lock image, all of their information is secure forever. However, there are fundamental problems with a single layer security system.”

According to The Register, Comodo, another similar site was targeted in March and hackers were able to forge certificates for several addresses including Google mail. These companies are more frequently becoming targets for hackers. Though, they don't always seem to be good enough to get what they want. Unlike Comodo, the hackers responsible for the breach on StartCom were allegedly unsuccessful in obtaining certificates that they could use to imitate websites. According to the COO/CTO Eddy Nigg via an interview with The Register, “The private encryption key at the heart of the company's operations isn't stored on a computer that's attached to the Internet, so they didn't get their hands on that sensitive document, either.”

This is one of many attacks on a company that issues SSL certificates. As SSL certificates are hacked more frequently it poses the pertinent question from consumers: What can we trust? In a survey by Trust Guard, security is a customers biggest fear.

SSL companies are becoming increasingly prone to security breach, as this is the fifth breach of this nature this year according to E-Week Europe. The SSL Certificate system is the cornerstone of internet trust. “These certificates are what allow people to sleep at night, and allow business’ to believe data is safe and secure. Obviously it’s just not the case, and we all need to realize there is not one perfect solution to something as complex as Internet security. Security must be layered, an SSL Certificate along with website security scanning is the only way to go for constant protection,” said Brandley.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Dave Brandley
Visit website

Media