Tag: critical infrastructure

Update: CAs Still Accepting E-mail as Proof of Domain Ownership

In-brief: Carnegie Mellon’s CERT issued a warning that many certificate authorities continue to issue domain certificates with no more proof than the right e-mail address. Updated to include comment from GlobalSign. Paul 3/27/2015

Bill in U.S. House would Open Doors to Threat Intel Sharing | Reuters

In-brief: Leaders of the House of Representatives Intelligence Committee introduced the Protecting Cyber Networks Act on Tuesday. The bill would make it easier for companies to share information about attacks with each other and with the government. It also addresses concerns about omnibus spying by U.S. intelligence agencies.

Updated: Google warns of unauthorized TLS certificates trusted by almost all OSes | Ars Technica

In-brief: Google warned its users that unauthorized digital certificates have been issued for several of its domains. The certificates are linked to an intermediary certificate authority for CNNIC, which administers China’s domain name registry. Updated with comment from Kevin Bocek of Venafi. Paul 3/27/2015 

Intel: New Approach Needed to Secure Connected Health Devices

In-brief: Connected medical devices pose a number of risks to patients, including the threat of “targeted killings,” according to a report by Intel Security. The fix: better application design and more public-private sector cooperation.

OpenSSL Issuing Fixes for High Severity Flaws on Thursday

In-brief: The OpenSSL Project is publishing software updates to address a range of security flaws, at least one of them rated “critical.” The update comes amid a comprehensive audit of the OpenSSL code.