Information Security News mailing list archives
Stolen encryption key the source of compromised certificate problem, Symantec says
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Mar 2012 03:07:36 -0500 (CDT)
http://www.networkworld.com/news/2012/031912-symantec-stolen-key-257407.html

By Ellen Messmer
Network World
March 19, 2012

When Kaspersky Lab last week spotted code-signed Trojan malware dubbed Mediyes that had been signed with a digital certificate owned by Swiss firm Conpavi AG and issued by Symantec, it touched off a hunt to determine the source of the problem.
The answer, says Symantec's website security services (based on the VeriSign certificate and authentication services acquisition), is that somehow the private encryption key associated with the Conpavi AG certificate had been stolen.
"The private key for Conpavi was exposed," says Quentin Liu, senior director of engineering at the Symantec division. "Someone got hold of the private key." For this type of digital certificate, the private key is held by the certificate owner, in this case, Conpavi. Whether the private encryption key was stolen by an insider at Conpavi or an outside attacker isn't known. But the incident points out the risks associated with private encryption keys for this type of digital certificate and the need to safeguard them.
Symantec has revoked the Conpavi certificate that was used to digitally sign the Mediyes malware and is assisting the Swiss firm in analyzing what occurred and helping them prevent this from happening again.
[...]