Trustico: Difference between revisions

Trustico
Company type	Private company
Industry	Internet security, Public key infrastructure
Headquarters	Croydon, United Kingdom

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 00:47, 2 March 2018

Trustico is a certificate authority.

It became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (not a secure protocol) to an executive at DigiCert.^[2]^[3]^[4]^[1]^[5] The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.^[2]

This was followed by the disclosure of a critical security flaw - a publicly-accessible root shell - in the Trustico website, after which the website was taken offline.^[6]^[7]

References

^ ^a ^b ^c "23,000 HTTPS certs will be axed in next 24 hours after private keys leak".
^ ^a ^b "23,000 HTTPS certificates axed after CEO emails private keys".
^ Whittaker, Zack. "Trustico compromises own customers' HTTPS private keys in spat with partner".
^ "23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com". www.securityweek.com.
^ "How not to run a CA - Hacker News". news.ycombinator.com.
^ "Trustico website goes dark after someone drops critical flaw on Twitter".
^ "HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed".

This article is a stub. You can help Wikipedia by expanding it.

[reg23k-1] "23,000 HTTPS certs will be axed in next 24 hours after private keys leak".

[ars23k-2] "23,000 HTTPS certificates axed after CEO emails private keys".

[3] Whittaker, Zack. "Trustico compromises own customers' HTTPS private keys in spat with partner".

[4] "23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com". www.securityweek.com.

[5] "How not to run a CA - Hacker News". news.ycombinator.com.

[6] "Trustico website goes dark after someone drops critical flaw on Twitter".

[7] "HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

@@ Line 1: / Line 1: @@
-{{bareurls}}
 {{Infobox company
 | name = Trustico
@@ Line 19: / Line 18: @@
 '''Trustico''' is a [[certificate authority]].
-It became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (not a secure protocol) to an executive at [[DigiCert]].<ref name="ars23k">https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/</ref><ref>http://www.zdnet.com/article/trustico-compromises-own-customers-https-private-keys-in-spat-with-partner/</ref><ref>https://www.securityweek.com/23000-digital-certificates-revoked-digicert-trustico-spat</ref><ref name="reg23k">https://www.theregister.co.uk/2018/03/01/trustico_digicert_symantec_spat/</ref><ref>https://news.ycombinator.com/item?id=16492284</ref> The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.<ref name="ars23k"/>
+It became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (not a secure protocol) to an executive at [[DigiCert]].<ref name="ars23k">{{cite web|url=https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/|title=23,000 HTTPS certificates axed after CEO emails private keys|publisher=}}</ref><ref>{{cite web|url=http://www.zdnet.com/article/trustico-compromises-own-customers-https-private-keys-in-spat-with-partner/|title=Trustico compromises own customers' HTTPS private keys in spat with partner|first=Zack|last=Whittaker|publisher=}}</ref><ref>{{cite web|url=https://www.securityweek.com/23000-digital-certificates-revoked-digicert-trustico-spat|title=23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com|website=www.securityweek.com}}</ref><ref name="reg23k">{{cite web|url=https://www.theregister.co.uk/2018/03/01/trustico_digicert_symantec_spat/|title=23,000 HTTPS certs will be axed in next 24 hours after private keys leak|publisher=}}</ref><ref>{{cite web|url=https://news.ycombinator.com/item?id=16492284|title=How not to run a CA - Hacker News|website=news.ycombinator.com}}</ref> The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.<ref name="ars23k"/>
-This was followed by the disclosure of a critical security flaw - a publicly-accessible root shell - in the Trustico website, after which the website was taken offline.<ref>https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/</ref><ref>https://www.theregister.co.uk/2018/03/01/trustico_website_offline/</ref>
+This was followed by the disclosure of a critical security flaw - a publicly-accessible root shell - in the Trustico website, after which the website was taken offline.<ref>{{cite web|url=https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/|title=Trustico website goes dark after someone drops critical flaw on Twitter|publisher=}}</ref><ref>{{cite web|url=https://www.theregister.co.uk/2018/03/01/trustico_website_offline/|title=HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed|publisher=}}</ref>
 == See also ==