Pierluigi Paganini
January 04, 2013
Itâs the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Googleâs web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts. Microsoft has been immediately started the […]
Pierluigi Paganini
September 30, 2012
It’s happened again, cyber criminals have stolen digital certificates related to companies recognized reliable to sign malicious code. This time the victim is Adobe and according its security chief, Brad Arkin, a group of hackers have signed malware using Adobe digital certificate obtained compromising a vulnerable build server that was used to get code validation […]
Pierluigi Paganini
July 09, 2012
Last week, on blog.torproject.org was published the news relative to a security vulnerability found in Cyberoam DPI devices (CVE-2012-3372). All is started when a user in Jordan reported seeing a fake certificate to torproject.org. The certificate was issued by Cyberoam companies and the researchers of the Tor project believed that the CA has been tricked […]
Pierluigi Paganini
May 13, 2012
Private companies and governments agencies all around the word make huge investments for the automation of their processes and in the management of the electronic documentation. The main requirement in the management of digital documentation is its equivalence, from a legal perspective, to paperwork, affixing a signature on a digital document is the fundamental principle […]
Pierluigi Paganini
April 13, 2012
The US Government is very close to the theme of warfare being among the countries that invest more in the field. In a cyber security context we can enumerate a huge quantity of cyber threats that daily are designed and enhanced, a heterogeneous world and that includes many different options that could harm military and […]
Pierluigi Paganini
March 06, 2012
Symantec company recently has disclosed the news that the collective Anonymous has deceived his supporters favoring the spread and installing of Zeus malware on their machines. The charge is heavy and would undermine the trust that underpins the recruitment methods of the collective, it seems that all supporters who have participated to various Distributed Denial of Service (DDoS) […]
Pierluigi Paganini
February 14, 2012
After the attacks against certification authorities such as VeriSign, Comodo and DigiNotar the level of confidence in the model based on certificates is in sharp decline. There is widespread accusations addressed to the PKI paradigm (public key infrastructure ) which is based on the concept to request to trusted and credited third parties to guarantee […]
Pierluigi Paganini
January 14, 2012
In these hours on the web is turning the news of a cyber attack performed by a group of Chinese hackers against some U.S. Government Agencies. Once again, the weapon used against the strategic objectives is a cyber weapon, in particular it has been used a new version of the trojan Sykipot. Chinese hackers have […]
Pierluigi Paganini
December 15, 2011
It’s end of the year and time for reflections. Yesterday we have discussed on incident occurred to CAs, but what else will we remember of this 2011? No doubts, we will remember the new way to use Internet, an irreplaceable vector for social protests, expression of social malaise and of too much stolen liberty. We […]
Pierluigi Paganini
December 15, 2011
2011 was a terrible year for the certification authorities, the number of successful attacks against some major companies reported is really high and totally out of any prediction. Many attacks have had disturbing consequences.It all began, or so we were led to believe, with the case Comodo. Comodo officials revealed that the registration authority had […]
