Fraunhofer SIT Researchers Spoofed Certificate Authorities
German researchers led by Dr. Haya Shulman of the Fraunhofer Institute for Secure Information Technology (SIT) found a way to spoof SSL/TLS certificates for domains they didn't control, according to a report from The Register. Dr. Shulman stated: "Essentially, many CAs that support domain validation can be attacked. We demonstrated an attack which redirects the CA to an attacker machine via DNS cache poisoning."
The HTTPS certificates can be obtained even if the certificate authority that issued them protects them using PKI-based domain validation. This allows attackers to spoof the identity of the targeted organization and create malicious copies of any website that uses a specific certificate.
Given that Domain Validated (DV) certificates can be spoofed, organizations should move to certificates validated through other, more secure methods, such as Extended Val...
from Softpedia News / Global https://ift.tt/2CAkrjM