Friday, August 13, 2010

Blog: Experts Warn of a Weak Link in the Security of Web Sites

New York Times (08/13/10) Helft, Miguel

Web sites that rely on certificate authorities to guarantee their authenticity are a growing security threat, experts say. As the number of third-party authorities has grown, it has become increasingly difficult to trust those who issue the certificates. "It is becoming one of the weaker links that we have to worry about," says the Electronic Frontier Foundation's (EFF's) Peter Eckersley. There are more than 650 organizations that can issue certificates that will be accepted by Internet Explorer or Firefox, according to the EFF. One of the weak links is Etisalat, a wireless carrier in the United Arab Emirates that was involved in a dispute with BlackBerry's maker, Research In Motion, over encryption. Etisalat could issue fake certificates to itself for scores of Web sites, and "use those certificates to conduct virtually undetectable surveillance and attacks against those sites," Eckersley says. Other researchers also are concerned about the proliferation of certificate authorities. "It is a bad enough problem that it should be receiving a lot more attention and we should be trying to fix it," says Princeton University's Stephen Schultze.
