• Welcome to the American Nation News Website!

    Welcome to the ANN American Nation News website! The only place for American News, Weather, Sports Bisness, and much more all at your fingure tips! Look around, and get reading on the latest in news across the United States, and even around the world!
  • Enter your e-Mail address to follow the American Nation News and receive notifications of new posts by email.

    Join 3 other followers

  • ANN Menu

  • American Nation News is protect by CopyScape. Do not copy!

    Protected by Copyscape Originality Checker

Hacker invasion

Hackers cracked three companies that work with the most
popular Web browsers to ensure the authenticity of Web pages where consumers
type in Personal information, such as account log-ons, credit card numbers ETC.

The hacked firms are among more than 650 digital
certificate authorities, or CAs, worldwide that ensure that Web pages are the
real deal when served up by Microsoft’s Internet exsplore, Firefox, Opera, Apple’s Safari and Google’s Chrome.

But a hacker gained access to digital certificate supplier
DigiNotar this summer and began issuing forged digital certificates for hundreds
of Web pages published by dozens of marquee companies.

Unable to cope with the fallout, the Dutch firm last week
filed for bankruptcy under Dutch law and abruptly closed up shop. Two other
digital certificate companies — New Jersey-based Comodo and Japanese-owned
GlobalSign — were similarly hacked in the summer, exposing a glaring weakness in
the Internet’s underpinnings, security analysts say.

“The infrastructure baked into the Internet, which is based
on trust, is starting to fall apart,” says Michael
Sutton, research vice president at security firm Zscaler. “If somebody can
issue faked digital certificates, it throws the entire process into chaos.”

Digital certificates enable consumers to submit information
that travels through an encrypted connection between the user’s Web browser and
a website server. The certificate ensures the Web page can be trusted as
authentic. But the unprecedented attacks against CAs show how fragile that trust
can be.

The counterfeiter that gained a foothold deep inside of
DigiNotar’s system issued valid certificates for 531 fake pages, impersonating
online properties of Google, Microsoft, Skype, Equifax, Twitter, Facebook, and
the CIA,
among others, according to consulting firm Fox-IT.

This touched off a scramble to cut off the fake pages. But
the successful hacks demonstrated that it is possible to “impersonate any site
on the Internet,” says Josh Shaul, chief technical officer at security firm
AppSec.

No banks or payment service websites were targeted, says
Mikko Hypponen, chief researcher at anti-virus firm F-Secure.

The hacker seems much more interested in harvesting
personal data from e-mail services, social networks, credit bureaus, blogging
sites and anonymity services. The possible end game: espionage or political
gain.

According to the Fox-IT report, the DigiNotar hacker issued
counterfeit digital certificates for Web pages on google.com, android.com,
microsoft.com, update.microsoft.com, login.live.com, login.yahoo.com, aol.com,
wordpress.com, twitter.com, facebook.com, equifax.com and cia.gov, among other
Web domains.

The forged Google Web pages were used to spy on some
300,000 Internet users in Iran. “I’m most concerned about disruption as a
motive,” says Roel Schouwenberg, senior researcher at Kaspersky Lab.
“I’m talking about cyberwar, but even more so about hacktivism.”

Google spokesman Jay Nancarrow noted that Google’s Chrome
browser detected one of the fake certificates “that ultimately led to the
revelation of the DigiNotar compromise.”

The pressure is now on CAs worldwide to make themselves
more hack-proof. And for the browser makers to do more to identify and quickly
eradicate counterfeit certificates and fake Web pages, security experts say.

Symantec senior director Michael Lin says the current
system can be salvaged. “Consumers need to be able to interact with websites
with confidence,” says Lin.

Jeff Hudson, CEO of digital certificate management firm
Venafi, cautions that the hacks that unfolded this summer are just the
beginning. “This is a huge issue with significant ramifications to business
productivity and company brand,” says Hudson. “No one knows where the next
breach will occur, or whether it will occur in a week or three months.”

Microsoft, maker of the world’s most widely used Web
browser, Internet Explorer, declined to comment, as did Apple, maker of the
Safari browser.

However, spokesmen for Mozilla, maker of the No. 2 Firefox
browser, and Opera, a browser used widely in Europe and on cellphones, noted
that steps are being taken to shore up the current system.

“The security of the Web is our collective responsibility,”
says Johnathan Nightingale, Mozilla’s director of Firefox engineering. “To
improve it, we need a continuing, and open, dialog supported by focused action.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: