Lost business and brand reputational damage are likely to be the results of recent Comodo certificate compromises, according to enterprise key and certificate management specialist Venafi.
Microsoft and others have already issued warnings that nine digital certificates in active use by giants such as Google, Microsoft Live and Yahoo have been compromised, and the fallout will be a breach of trust between the affected organisations and Internet users, warns Jeff Hudson, CEO of Venafi.
"Digital certificates are used as a signal to the Internet user that the site is trusted but, if the system that provides the trust is compromised, it effectively becomes close to worthless and unsecure. This saga, whatever its cause, is going to set back Internet users' trust in Web sites," he explains.
"Previously, one of the few ways that cybercriminals could fool users of high-profile and trusted web sites was to stage an evil twin or man-in-the-middle style of attack. By using this approach, the hackers are hitting at the heart of the trust amongst users [and] that's very dangerous," he adds.
Hudson speculates that rogue certificates were successfully issued, using the Comodo certificate authority signing key.
For him, the solution comes down to management of the certificates, the keys and associated security systems. And it's not just a technology issue, he insists: companies also need best practices for the people and processes aspect of certificate and key management.
He points to a recent survey by Venafi that found 51% of professionals admitting that they had experienced stolen or unaccounted-for digital certificates – or that they were uncertain.
"Consistent reports from businesses show that the number of encryption assets in their inventories is growing rapidly, and scattered individuals and teams end up having to manage them," comments Hudson.
"It's against this backdrop that Venafi's enterprise approach to digital certificate and enterprise key management has really begun to catch on across a wide range of industries," he says.