The effect of withdrawing trust from the two CAs, WoSign and StartCom, is unusual. RiskIQ, a security vendor, estimates that about 760,000 sites use SSL/TLS certificates issued by StartCom or WoSign. “I am sure that the browser actions are fully justified,” said James Pleger, director of security at RiskIQ. “This is a flagrant breach of trust, and browser makers need to react to it seriously.” Most of the web in its current form is built on this trust, and when companies do not follow the recommendations, operational measures should be taken, says Pleger.
Tom Kellermann, CEO of Strategic Cyber Ventures, praised the browser vendors for trying to civilize cyberspace by means of a collective ban. “I think that the actions are fully justified, since these certificates are exploited by hackers and used for malicious purposes.” WoSign and StartCom are not the first certification authorities to be blocked by browser vendors. In 2011, the Danish CA DigiNotar was suspected of issuing fraudulent SSL certificates and was eventually blocked by browser vendors.
DigiNotar was suspected of issuing a fake SSL certificate for Google.com. A wildcard certificate would allow an attacker to impersonate any HTTPS-protected Google domain. A subsequent investigation of DigiNotar determined that an intrusion into the CA's infrastructure had led to certificates being issued for various domains, including Google.com. “Browser vendors did well to block the center,” said Georgia Weidman of Shevirah.
Users should be very careful about creating security exceptions when the browser displays a certificate warning. If you are not sure, do not click through. The acceptable compromise is to forgo access to the site rather than to grant access to a compromised one.