the diginotar crisis
play

The DigiNotar crisis from incident response to crisis coordination - PowerPoint PPT Presentation

Apr 10, 2023 •336 likes •649 views

The DigiNotar crisis from incident response to crisis coordination Aart Jochem NCSC-NL FIRST Conference Malta - 18 June 2012 Wave 1 Wave 1 Early nineties: Phil Zimmerman releases PGP Photo Phill Zimmerman Pretty Good Privacy Early

  1. The DigiNotar crisis from incident response to crisis coordination Aart Jochem NCSC-NL FIRST Conference Malta - 18 June 2012

  2. Wave 1 Wave 1

  3. Early nineties: Phil Zimmerman releases PGP Photo Phill Zimmerman Pretty Good Privacy

  4. Early nineties: Whitfield Diffie works on public policy aspects of cryptography Photo Whitfield Diffie public policy aspects of cryptography

  6. Wave 2 Wave 2

  7. Memorandum Vulnerabilities on the Internet July 2001

  9. Wave 3 Wave 3

  10. Large scale incidents triggers also military respons Photo of Hillar Aarelaid Was it Hillar or John? Photo of John McCane in Die Hard 4

  12. PKI Policy Audit PA Revo- cation RA CA

  15. Video

  16. DigiNotar DigiNotar Public CA PKIOverheid CA Sub CA Sub CA Sub CA Sub CA

  18. DigiNotar d DigiNotar e Public CA PKIOverheid CA k c a H Sub CA Sub CA Sub CA Sub CA

  21. d DigiNotar DigiNotar d e Public CA PKIOverheid CA e k k c c a a H H Sub CA Sub CA Sub CA Sub CA

  23. From: Erik de Jong (GOVCERT.NL) From: Aart Jochem (GOVCERT.NL) Sent: vrijdag 2 september 2011 23:59 Sent: zaterdag 3 september 2011 23:51 To: Alle medewerkers GOVCERT.NL To: Alle medewerkers GOVCERT.NL Subject: De middernachtscrisishaiku Subject: RE: De middernachtscrisishaiku Het is tijd voor de traditionele [1] middernachtscrisishaiku. When trust revoked Computers silenced in rack Trust builds up slowly You and me remain SSL certificates *Poooof* trust gone like that Aart From: Bob (GOVCERT.NL) Sent: Maandag 5 september 2011 23:58 To: Alle medewerkers GOVCERT.NL [1] Elke traditie kent een begin. Subject: RE: De middernachtscrisishaiku GOVCERT.NL T +31 70 888 75 55 I www.govcert.nl Bits, elements of trust E info@govcert.nl PGP Fingerprint: 5EF4 6F80 7530 1583 E140 D918 Gateways to precious freedom BC24 36AC 1045 1333 Sorry, revoked Bob

  24. Building up a crisis Crisis Effort Parliament, *.google.com Hack fact finding, etc June July August Sept Oct No role yet Coörd Expert IR

  25. What’s next? What’s next?

  26. A PKI is a critical infrastructure • Treat it like one • Create awareness • Monitor the RA’s and CA’s • Strengthen oversight

  27. Manage certificate as assets • Have an inventory • Add to asset management system • Provide for backups

  28. Support secure techniques • Look into the new IETF draft RFC for Dane • Adopt DNSSEC

  29. PKI Browser Policy Audit PA suppliers Revo- cation CAB RA CA Forum

  30. Sum m ary • PKI is a critical infrastructure, treat it like one • Manage individual certificates as assets • Support development and implementation of secure techniques • Go through scenarios where your CA becomes untrusted

  31. The DigiNotar Crisis from incident response to crisis coordination Aart.Jochem @ ncsc.nl FI RST Conference Malta - 1 8 June 2 0 1 2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University of Illinois at Chicago & BEAST CBC attack. Technische Universiteit Eindhoven Trustwave HTTPS interception. CRIME compression attack. Lucky 13

1.3k views • 128 slides
Incidents of the Week Wikileaks disclosure of unedited cables DigiNotar fake certificates

Incidents of the Week Wikileaks disclosure of unedited cables DigiNotar fake certificates

Incidents of the Week Wikileaks disclosure of unedited cables DigiNotar fake certificates Wikileaks: What Happened Wikileaks disclosed unedited version of leaked cables to The Guardian Encrypted file was hidden in the

584 views • 45 slides
Mission Accomplished? HTTPS Security after DigiNotar Johanna Amann* ICSI / LBL / Corelight

Mission Accomplished? HTTPS Security after DigiNotar Johanna Amann* ICSI / LBL / Corelight

Mission Accomplished? HTTPS Security after DigiNotar Johanna Amann* ICSI / LBL / Corelight Oliver Gasser* Technical University of Munich Quirin Scheitle* Technical University of Munich Lexi Brent The University of Sydney Georg Carle

631 views • 39 slides
Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a

Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a

Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a European crisis. So now is the time that we as Europeans need to act decisively and effectively." Greek Prime Minister George Papandreou

155 views • 13 slides
Who we are. . What we do. The Crisis Response Network, Inc (CRN) operates a 24/7 crisis

Who we are. . What we do. The Crisis Response Network, Inc (CRN) operates a 24/7 crisis

Who we are. . What we do. The Crisis Response Network, Inc (CRN) operates a 24/7 crisis hotline and provides a continuum of services to anyone experiencing a crisis, including: 24/7 Crisis hotline 24/7 Peer operated warm line

209 views • 17 slides
CRISIS? WHAT CRISIS? How to avoid making a drama out of a crisis by Chris Green We can all spot

CRISIS? WHAT CRISIS? How to avoid making a drama out of a crisis by Chris Green We can all spot

CRISIS? WHAT CRISIS? How to avoid making a drama out of a crisis by Chris Green We can all spot a gaffe... The wrong type of snow Leaves on the line A good day to bury bad news I would like my life back Because

496 views • 15 slides
CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered by the terrorist

CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered by the terrorist

3/6/2018 Twelve Years of Turbulence: The Role of Lawyers During Times of Crisis Gary Kennedy Former Senior Vice President and General Counsel American Airlines CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered

228 views • 10 slides
Works For All The Global Economic Crisis Evolution of the Crisis A Bursting Housing Bubble.

Works For All The Global Economic Crisis Evolution of the Crisis A Bursting Housing Bubble.

An Economy That Works For All The Global Economic Crisis Evolution of the Crisis A Bursting Housing Bubble. A Global Credit Market Crisis. A Global Recession and Employment Crisis. Sovereign Debt Crisis. Fundamental Imbalances

147 views • 11 slides
Recovery in Crisis Intervention Tom Farebrother Registered Manager November 2014 Crisis

Recovery in Crisis Intervention Tom Farebrother Registered Manager November 2014 Crisis

Recovery in Crisis Intervention Tom Farebrother Registered Manager November 2014 Crisis Presentations: What are we dealing with? Presentation Clusters Crisis Interventions Constructive Journeys Through Crisis Case

274 views • 9 slides
Crisis and Crisis and Vulnerability Vulnerability ILO Crisis Response : Trainers Guide

Crisis and Crisis and Vulnerability Vulnerability ILO Crisis Response : Trainers Guide

SESSION Crisis and Vulnerability VI 1 Crisis and Crisis and Vulnerability Vulnerability ILO Crisis Response : Trainers Guide InFocus Programme on Crisis Response and Reconstruction IFP/CRISIS SESSION Crisis and Vulnerability VI

434 views • 16 slides
When it Hits the Fan: Preparing for the Worst By Alex Green Overview What is a Crisis

When it Hits the Fan: Preparing for the Worst By Alex Green Overview What is a Crisis

When it Hits the Fan: Preparing for the Worst By Alex Green Overview What is a Crisis Crisis Mgmt Framework Consider the Crisis Reactive or Proactive? Plan the Six Ps Putting it Together Group Exercise Crisis

593 views • 17 slides
The crisis of the euro-zone: EMU structural imbalances, the sovereign debt crisis and the response

The crisis of the euro-zone: EMU structural imbalances, the sovereign debt crisis and the response

The crisis of the euro-zone: EMU structural imbalances, the sovereign debt crisis and the response of the EU Professor Leila Simona Talani Kings College London Main points: The global financial crisis was an unprecedented blow to the

532 views • 10 slides
Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices

Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices

BEST PRACTICES IN CRISIS MANAGEMENT Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices Crisis Prevention Organizations must plan for crises or they are, de facto, planning to have a crisis.

417 views • 18 slides
Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood

Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood

Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood WHAT IS A CRISIS ? Personnel Crisis Systemic Crisis Contextual Crisis Why companies need crisis management plans 1. To plan strategic procedures

417 views • 24 slides
HOW WE CAN HELP? A SHORT SLIDE-SHOW ABOUT MIGRATION CRISIS AND A DISCUSSION REGARDING TO POSSIBLE

HOW WE CAN HELP? A SHORT SLIDE-SHOW ABOUT MIGRATION CRISIS AND A DISCUSSION REGARDING TO POSSIBLE

HOW WE CAN HELP? A SHORT SLIDE-SHOW ABOUT MIGRATION CRISIS AND A DISCUSSION REGARDING TO POSSIBLE SOLUTIONS OF HOW WE CAN SOLVE IT WHAT IS A MIGRATION CRISIS? The European migrant crisis, also known as the refugee crisis, is a period beginning

251 views • 12 slides
Considerations about the Crisis 1. Marx, Keynes, Crisis: A Reprise 2. US and European Economic

Considerations about the Crisis 1. Marx, Keynes, Crisis: A Reprise 2. US and European Economic

End of the economic crisis? The US and Europe in the light of Keynes and Marx Gary Dymski Professor, Economics Division Leeds University Business School 31 March 2014 University of Leeds Considerations about the Crisis 1. Marx, Keynes, Crisis:

680 views • 54 slides
Format Oracles on OpenPGP F. Maury J.-R. Reinhard O. Levillain H. Gilbert ANSSI, France

Format Oracles on OpenPGP F. Maury J.-R. Reinhard O. Levillain H. Gilbert ANSSI, France

Format Oracles on OpenPGP Format Oracles on OpenPGP F. Maury J.-R. Reinhard O. Levillain H. Gilbert ANSSI, France CT-RSA April 22, 2015 Maury et al. | ANSSI | CT-RSA 2015 1 / 19 Format Oracles on OpenPGP | Introduction Contribution We

1.05k views • 28 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. Martucci CC-BY-4.0 Part 2:

Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. Martucci CC-BY-4.0 Part 2:

Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. Martucci CC-BY-4.0 Part 2: Secure Communications Why do we need secure communications? PGP We are here! TLS and Let's Encrypt Secure messaging Pretty Good Privacy

468 views • 21 slides
Security and Authorization Ramakrishnan & Gehrke, Chapter 21 320302 Databases & Web

Security and Authorization Ramakrishnan & Gehrke, Chapter 21 320302 Databases & Web

Security and Authorization Ramakrishnan & Gehrke, Chapter 21 320302 Databases & Web Applications (P . Baumann) Motivation Secrecy: Users should not be able to see things they are not supposed to Ex: student cant see other

766 views • 21 slides
Crypto Wars 2.0 Abertay Hackers Michael Jack mikey$ whoami Michael Jack 2 nd Year

Crypto Wars 2.0 Abertay Hackers Michael Jack mikey$ whoami Michael Jack 2 nd Year

Crypto Wars 2.0 Abertay Hackers Michael Jack mikey$ whoami Michael Jack 2 nd Year Ethical Hacking @MikeyJck BSc @ Abertay Member Abertay Ethical mikeyjck.io Hacking Society I <3 Cryptography Whats all this then?

953 views • 37 slides
Security Protocols Key Establishment, Chapter 13 of Understanding Cryptography by Paar

Security Protocols Key Establishment, Chapter 13 of Understanding Cryptography by Paar

References Introduction to Cryptography Security Protocols Key Establishment, Chapter 13 of Understanding Cryptography by Paar & Pelzl Wide Mouth Frog Protocol from Wikipedia Jim Royer

281 views • 9 slides
Paranoid Habits Part 1: Security Tips Denis Rechkunov @pragmader / pragmader.me Whats this

Paranoid Habits Part 1: Security Tips Denis Rechkunov @pragmader / pragmader.me Whats this

Paranoid Habits Part 1: Security Tips Denis Rechkunov @pragmader / pragmader.me Whats this about? Topics: Authentication Phishing PGP SSH USB Networking Can I trust you, Denis? Trust no one,

531 views • 41 slides
Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Introduction -

Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Introduction -

Outline Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Introduction - Security Security challenges in Ad Hoc Networks y g Threats and Attacks Security Solutions Security Solutions

668 views • 15 slides

More recommend