Thursday, March 26, 2015

False certificates are an increasingly serious threat

100% of organizations in the UK have suffered some kind of attack with fake certificates in the past two years. The the impersonation of Certification Authorities and forgery of certificates is something increasingly common. We'll discuss it below, along with other interesting news: insecurity at gas stations, "Sextortion" with mobile phones and a curious story about scams using Wikipedia. 

According to a study by the recognized Ponemon Institute, in United Kingdom, Australia, France, Germany and the US, the attacks against keys and certificates used in web servers, network and cloud services have grown 40% in the last two years. Russian criminals recently stolen digital certificates from one of the world's top five banks, enabling them to steal data from 80 million customers. However, 63% of organizations say they know little about where their certificates are, and what are they used.

Although, if we want to freak out, nothing like other research, made by Amador Aparicio, about the devices that are within the fuel tanks and communicate via Internet to the gas control station. That's how they exchange data like petrol levels, tank temperature and others. Multiple security holes and negligences, like using the obsolete Windows XP operating system, would allow to sabotage these monitoring systems.

On a more earthly level, away from attacks on companies, the scourge of Sextortion continues to spread. They report the more frequently use of viruses in mobile phones to launch this attack, whose principal victims are men: a woman induces them to have sex on camera via visual chat and to install an application that will steal your contact list from your phone. Then, they are blackmailed for not sending the sex video to these contacts. A terrible experience that can even happen to senior managers

We end today with a curious new: 15,000 students have been scammed in India because of an article on Wikipedia. An administrator of the web page introduced false information in the entry about a business school, ensuring that they offered "Master in Business Administration" degrees and was associated with prestigious foreign universities, when in fact the degrees offered were worthless.

This brings us to the conclusion that we can not trust nor the most sacred thing to us, called them Wikipedia or certificates. It's better to remain always vigilant, dear readers.


Post a Comment