Up to a total of 23,000 leaked HTTPS certificates put the data of thousands of users on the network at risk
The security of our data on the network is once again in question. Yesterday we saw how to improve the security of our equipment and home network by enabling MAC filtering on the router. It is not infallible, but at least we gain a little extra protection.
But this is of no use if, once our data goes out onto the network, it is exposed to risks that we did not count on at first. That is what has happened with a massive leak that compromised several thousand HTTPS certificates: thousands of these certificates have been disseminated via e-mail.
Before continuing, let us clarify the purpose of an HTTPS certificate on a website. It is the system that guarantees that the data we enter is end-to-end encrypted. In this way, our data is theoretically protected until it reaches its destination. These are the web pages whose addresses begin with the letters HTTPS instead of the usual HTTP.
An irresponsible attitude?
Up to a total of 23,000 HTTPS certificates have been affected by this massive (and irresponsible) leak, so the web pages and domains that were protected by those 23,000 certificates (no small number) are now fully exposed, and so is the data used on them.
Think of pages of all kinds, ranging from e-commerce websites to bank pages and even official organizations. It is a problem whose full extent we do not yet know.
Translated into number of users, we can get an idea. There may be thousands, tens or hundreds of thousands, or even millions of affected users who access these web pages, whose certificates are now available to the highest bidder.
The email appears to have been sent by the CEO of Trustico, a company that manages the TLS certificates that validate these pages, to DigiCert's executive vice president, Jeremy Rowley. In short, an email with an attachment containing all the keys (up to a total of 23,000).
It is a piece of news that may seem to be taken from a comedy show, but unfortunately it is not. It is enormously irresponsible to put such sensitive information at risk. We must not forget that email is not the most secure medium. We will be attentive to the evolution of the situation.
Source | ArsTechnica Image | Wikipedia