Comments on: Stuxnet reloaded – the war has just begun http://blogs.kuppingercole.com/kuppinger/2011/10/19/stuxnet-reloaded-the-war-has-just-begun/ KuppingerCole Fri, 18 May 2012 14:52:13 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: 3 Lessons Learned From Duqu Malware | RobertJGraham.com http://blogs.kuppingercole.com/kuppinger/2011/10/19/stuxnet-reloaded-the-war-has-just-begun/comment-page-1/#comment-398 3 Lessons Learned From Duqu Malware | RobertJGraham.com Fri, 04 Nov 2011 21:10:11 +0000 http://blogs.kuppingercole.com/kuppinger/?p=492#comment-398 [...] Kuppinger, principal analyst at identity and information security research firm KuppingerCole, in a blog post. Coming on the heels of this year’s attacks against DigiNotar and Comodo, that highlights the [...] [...] Kuppinger, principal analyst at identity and information security research firm KuppingerCole, in a blog post. Coming on the heels of this year’s attacks against DigiNotar and Comodo, that highlights the [...]

]]> By: pkienthusiast http://blogs.kuppingercole.com/kuppinger/2011/10/19/stuxnet-reloaded-the-war-has-just-begun/comment-page-1/#comment-390 pkienthusiast Fri, 21 Oct 2011 09:09:00 +0000 http://blogs.kuppingercole.com/kuppinger/?p=492#comment-390 I fully agree to Calum - I see two points here : Use hardware tokens to protect software signing keys and think about revocation methods for malicious software keys. See my blog <a href="http://pkienthusiast.wordpress.com/2011/10/21/stuxnet-duqu-code-signing-certificates-and-pki/" rel="nofollow">http://pkienthusiast.wordpress.com/2011/10/21/stu...</a> :) I fully agree to Calum – I see two points here : Use hardware tokens to protect software signing keys and think about revocation methods for malicious software keys. See my blog http://pkienthusiast.wordpress.com/2011/10/21/stu:)

]]> By: 3 Lessons Learned From Duqu Malware | National Cyber Security http://blogs.kuppingercole.com/kuppinger/2011/10/19/stuxnet-reloaded-the-war-has-just-begun/comment-page-1/#comment-389 3 Lessons Learned From Duqu Malware | National Cyber Security Thu, 20 Oct 2011 23:58:31 +0000 http://blogs.kuppingercole.com/kuppinger/?p=492#comment-389 [...] Kuppinger, principal analyst at identity and information security research firm KuppingerCole, in a blog post. Coming on the heels of this year’s attacks against DigiNotar and Comodo, that highlights the [...] [...] Kuppinger, principal analyst at identity and information security research firm KuppingerCole, in a blog post. Coming on the heels of this year’s attacks against DigiNotar and Comodo, that highlights the [...]

]]> By: Calum http://blogs.kuppingercole.com/kuppinger/2011/10/19/stuxnet-reloaded-the-war-has-just-begun/comment-page-1/#comment-388 Calum Thu, 20 Oct 2011 23:12:07 +0000 http://blogs.kuppingercole.com/kuppinger/?p=492#comment-388 <a href="http://www.venafi.com/about/blog/" rel="nofollow">http://www.venafi.com/about/blog/</a> If you read the blog on the attached link you will find that McAfee and Symantec have different opinions. McAfee claim that the evidence tends towards a CA breach and Symantec stating that it is a stolen certificate. Bottom line is that regardless of which one is right, it only just reinforces the need for organizations to manage their keys and certificates better! http://www.venafi.com/about/blog/

If you read the blog on the attached link you will find that McAfee and Symantec have different opinions. McAfee claim that the evidence tends towards a CA breach and Symantec stating that it is a stolen certificate.

Bottom line is that regardless of which one is right, it only just reinforces the need for organizations to manage their keys and certificates better!

]]> By: Urk http://blogs.kuppingercole.com/kuppinger/2011/10/19/stuxnet-reloaded-the-war-has-just-begun/comment-page-1/#comment-387 Urk Thu, 20 Oct 2011 19:49:48 +0000 http://blogs.kuppingercole.com/kuppinger/?p=492#comment-387 Where's your evidence that "digital certificates which seem to have been directly generated in the name of other companies" are involved? All indications are that this is another stolen code signing certificate. Where's your evidence that "digital certificates which seem to have been directly generated in the name of other companies" are involved? All indications are that this is another stolen code signing certificate.

]]>