Discussion:
What has empowered hacking of Kaspersky's network?
Mok-Kong Shen
2015-07-08 12:57:03 UTC
The recent news of hacking of Kaspersky's network involved, according
to media reports
(http://www.theregister.co.uk/2015/06/15/duqu2_stolen_foxconn_cert/),
theft of VeriSign certified private keys from FoxConn.

This is evidently only one possibility. Wouldn't it also be possible
that the criminal act was done already at VeriSign? Further, wouldn't
it also be conceivable that the bad guys employed much more
sophisticated techniques than stealing in the common sense, in
particular via exploiting backdoors implanted by them in the RSA
software being used?

M. K. Shen
p***@nospam.demon.co.uk
2015-07-08 19:24:01 UTC
Post by Mok-Kong Shen
The recent news of hacking of Kaspersky's network involved, according
to media reports
(http://www.theregister.co.uk/2015/06/15/duqu2_stolen_foxconn_cert/),
theft of VeriSign certified private keys from FoxConn.
This is evidently only one possibility. Wouldn't it also be possible
that the criminal act was done already at VeriSign? Further, wouldn't
it also be conceivable that the bad guys employed much more
sophisticated techniques than stealing in the common sense, in
particular via exploiting backdoors implanted by them in the RSA
software being used?
M. K. Shen
In our digital world, nothing is uncrackable, unexploitable,
uncopyable etc. back doors or not -- it is more about the effort
needed to achieve the desired result. A high profile target such as
Kaspersky just needs more effort...

Pete
--
Believe those who are seeking the truth.
Doubt those who find it. - André Gide
Mok-Kong Shen
2015-07-09 09:53:21 UTC
Post by p***@nospam.demon.co.uk
Post by Mok-Kong Shen
The recent news of hacking of Kaspersky's network involved, according
to media reports
(http://www.theregister.co.uk/2015/06/15/duqu2_stolen_foxconn_cert/),
theft of VeriSign certified private keys from FoxConn.
This is evidently only one possibility. Wouldn't it also be possible
that the criminal act was done already at VeriSign? Further, wouldn't
it also be conceivable that the bad guys employed much more
sophisticated techniques than stealing in the common sense, in
particular via exploiting backdoors implanted by them in the RSA
software being used?
In our digital world, nothing is uncrackable, unexploitable,
uncopyable etc. back doors or not -- it is more about the effort
needed to achieve the desired result. A high profile target such as
Kaspersky just needs more effort...
How could a commercial firm in general take care of such eventualities?
Could it at least insure against such potential risks? Or is the
whole PKI simply valueless?

M. K. Shen