PKI

Pierluigi Paganini February 10, 2013
Bit9 hacked, stolen digital certificates to sign malware

The week ended in the worst way for the security company Bit9, which last Friday announced that hackers had stolen digital certificates from its network and used them to sign malicious code. Bit9 is a popular company that provides software and network security services to a lot of important private firms and also to […]

Pierluigi Paganini January 04, 2013
Turkey – Another story on use of fraudulent digital certificates

It’s the news of the day: a fraudulent digital certificate that could be used for active phishing attacks against Google’s web properties. Using the certificate, it is possible to spoof content in a classic phishing scheme or perform a man-in-the-middle attack, according to the Google Chrome Security Team and Microsoft experts. Microsoft has immediately started the […]

Pierluigi Paganini October 29, 2012
Please can you explain what it is and how does the bitcoin work?

After the publishing of the book “Deep Dark Web”, many colleagues asked me to explain how finance works in the hidden world and which currency is used for the transactions. Of course, I also receive many questions on Bitcoin from common people, so I decided to introduce the basic concepts behind the famous […]

Pierluigi Paganini September 30, 2012
Adobe Code Signing Certificate used to sign malware, who to blame?

It has happened again: cyber criminals have stolen digital certificates belonging to companies recognized as reliable in order to sign malicious code. This time the victim is Adobe and, according to its security chief, Brad Arkin, a group of hackers has signed malware using an Adobe digital certificate obtained by compromising a vulnerable build server that was used to get code validation […]

Pierluigi Paganini June 28, 2012
RSA SecurIDs Cracked In 13 Minutes, rumors and denials

The news has created great surprise in the security community: a group of computer scientists has declared that it has cracked the RSA SecurID encryption model. The news is sensational due to the wide diffusion of the tokens for the implementation of PKI infrastructures in both private and government sectors. RSA SecurID is a mechanism developed by […]

Pierluigi Paganini February 14, 2012
Trustwave vs Mozilla community for MITM Digital Certificate

After the attacks against certification authorities such as VeriSign, Comodo and DigiNotar, the level of confidence in the model based on certificates is in sharp decline. There are widespread accusations addressed to the PKI (public key infrastructure) paradigm, which is based on the concept of asking trusted and accredited third parties to guarantee […]

Pierluigi Paganini January 14, 2012
Sykipot attacks U.S. PKI infrastructures based on smart cards

In these hours, news is circulating on the web of a cyber attack performed by a group of Chinese hackers against some U.S. Government Agencies. Once again, the weapon used against the strategic objectives is a cyber weapon; in particular, a new version of the trojan Sykipot has been used. Chinese hackers have […]