[cabfpub] SANS Institute Editorial Comment about CABF

Rick Andrews Rick_Andrews at symantec.com
Fri Oct 5 17:55:52 UTC 2012


http://www.sans.org/newsletters/newsbites/newsbites.php?vol=14&issue=79&rss=Y#sID200


Adobe Acknowledges Internal Server Hack (October 1, 2012)
Adobe says that one of its internal servers has been hacked. The compromised server has access to the company's digital certificate code signing infrastructure. The incident occurred in late July. The attackers were able to use the unauthorized access to create and digitally sign at least two malicious files. Adobe is planning to revoke the certificate as of October 4 and will issue updates for Adobe software that it is signed with.
...
[Editor's Note (Pescatore): Of course, revoking a certificate is only meaningful if revocation checking is meaningful - which, in the current SSL certificate model, it is not. The CA/Browser Forum has spent most of the year discussing reorganizing, which despite famous quotes is not even close to making progress.

Should we as a group respond to this? The editor is mixing up SSL and Code Signing, and I think we can argue that we have made progress towards organizational change.

-Rick
