The identity of the hackers responsible remains elusive, though the phishing targets in China and the IP addresses involved indicate a coordinated effort, researchers from Anomali said.
The mistake means that hackers could decrypt the key and use the certificate, a means of digital authentication, to monitor victims’ traffic and launch main-in-the-middle attacks.
CIO Dana Deasy lays out the department's plan in response to Sen. Ron Wyden, who raised concerna about the security of DOD's many public-facing sites.
A blog post by the maker of the Firefox browser says Chrome engineers are correct in their assessment of the problems with Symantec-issued internet security certificates — but they may have gone too far by proposing to distrust them.
Two of the biggest names on the internet embarked on a game of chicken this week over the little green padlock in the address bar.