Summary: Much of the hoopla about the possible involvement of foreign intelligence in digital certificate-forging is probably foreign governments wishing they had the level of access to citizen data that ours does (and we won’t share). The second in a series by guest author Marcus J. Ranum discussing cyberwar — perhaps one of the major forms of war in the 21st century.
Article deleted at author’s request.
(6) For more information about cyberwar
(a) About this incident:
- DigiNotar Certificate Authority breach “Operation Black Tulip”, Interim Report by FOX-IT, 5 September 2011 — FOX-IT are security consultants hired to investigate this incident.
- “Fake DigiNotar web certificate risk to Iranians”, BBC, 5 September 2011
- “Dutch Government Struggles to Deal With DigiNotar Hack”, PC World, 7 September 2011
- “SSL Certificate Authority Recall Grows”, eSecurity Planet, 7 September 2011 — “Mozilla issues yet another Firefox update for SSL issues as certificate authority risks mount beyond DigiNotar.”
- “DigiNotar Certificate Authority Breach Crashes e-Government in the Netherlands”, IEEE Spectrum, 9 September 2011
(b) About cyber-snooping by the US government:
- “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL”, Christopher Soghoian (Indiana U – Bloomington) and Sid Stamm, working paper posted at SSRN, 16 April 2010
- Article about VeriSign (“Trust is the Foundation of Every Human Relationship”): “VeriSign sells digital certification services and runs the Internet registry, thus is well prepared to sell private information on its all-too-trusting customers and to assist ISPs and wireless providers in the business of betrayal, though it is hardly alone in spying boomtime.”
- Facebook Subpoena / Search Warrant Guidelines
- “Patriot Act – The kitchen-sink approach to national security”, Benjamin Wallace-Wells, New York, 27 August 2011
- A Review of the FBI’s Use of Exigent Letters and Other Informal Requests for Telephone Records, Office of the Inspector General of the US Department of Justice, January 2010
- A thread for the tinfoil hatters: “Beware Verisign has a security breach”, DN Forum, 2003