At Least 4 Web Authentication Authorities Breached Since June
The Register reports at least four web authentication authorities have reported being compromised in as many months, according to research from the Electronic Frontier Foundation. This renews serious questions about a technology that millions of websites rely on to remain secure. Two certificate authorities have experienced security breaches that required certificates to be revoked, renewing a criticism that has dogged SSL for years. With more than 600 authorities trusted by major browsers, there are too many points of single failure. As demonstrated by the DigiNotar debacle, the compromise of just one authority allows impostors to obtain digital certificates that Google Mail, Skype, or other services use to encrypt gigabytes worth of sensitive traffic and prove their servers are authentic, rather than easily forged impostors.
