The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Managing SSL certificates

Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates

Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates

March 28, 2017Swati Khandelwal
A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL certificates. The flaw, discovered by Chris Byrne, an information security consultant and instructor for Cloud Harmonics, could allow an unauthenticated attacker to retrieve other persons' SSL certificates, including public and private keys, as well as to reissue or revoke those certificates. Even without revoking and reissuing a certificate, attackers can conduct "man-in-the-middle" attack over the secure connections using stolen SSL certs, tricking users into believing they are on a legitimate site when in fact their SSL traffic is being secretly tampered with and intercepted. "All you had to do was click a link sent in [an] email, and you could retrieve a cert, revoke a cert, and re-issue a cert," Byrne wrote in a Facebook post published over the weekend. Symantec knew of API Flaws Si
Simplifying SSH keys and SSL Certs Management across the Enterprise using Key Manager Plus

Simplifying SSH keys and SSL Certs Management across the Enterprise using Key Manager Plus

November 02, 2016Swati Khandelwal
With rapidly growing web-based services and widely expanding locations, organizations are using more and more SSL certificates as well as SSH keys than ever. From authentication, confidentiality, and integrity to preventing the organization from industrial espionage, SSL certificates play an important role. Managing SSL certificates across networks to ensure protection and prevent unanticipated failures is critical, and it also becomes complicated with multiple locations, divisions as well as the fastest growing use of external cloud-based services. This not only complicates the process of managing individual SSL certificate and SSH key for an administrator but also costs organizations heavily. A key solution for this issue is to use an advanced and efficient SSL certificate and SSH Key management system. An effective solution enables an organization to know what kinds of certificates and keys it has, simplifies certificate discovery and monitor across multiple vendors, an
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.