Security departments could take measures to protect organizations from untrusted certificate authorities and counterfeit SSL certs, but most don’t bother.
Despite worries about counterfeit certificates and man-in-the-middle attacks on SSL communications, many security professionals are doing little to protect their organizations from the dangers of untrusted certificates and certificate authorities (CAs), according to new research by Venafi.
Venafi surveyed 333 attendees to the Black Hat USA conference in Las Vegas last month about their perceptions and practices regarding CAs, the arbiters of online trust, which themselves may not always be trustworthy.
To read the entire article, please click here.
Source: http://www.darkreading.com/
