Trustico: Difference between revisions
m minor typo |
not event here |
||
Line 1: | Line 1: | ||
{{Current related|date=March 2018}} |
|||
{{Infobox company |
{{Infobox company |
||
| name = Trustico |
| name = Trustico |
||
Line 19: | Line 18: | ||
'''Trustico''' is a certificate reseller. |
'''Trustico''' is a certificate reseller. |
||
==History== |
|||
It became notable in March 2018, after its CEO transferred the [[private key]]s for 23,000 [[HTTPS]] certificates via [[email]] (a non-secure protocol) to an executive at [[DigiCert]].<ref name="ars23k">{{cite web|url=https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/|title=23,000 HTTPS certificates axed after CEO emails private keys|publisher=}}</ref><ref>{{cite web|url=http://www.zdnet.com/article/trustico-compromises-own-customers-https-private-keys-in-spat-with-partner/|title=Trustico compromises own customers' HTTPS private keys in spat with partner|first=Zack|last=Whittaker|publisher=}}</ref><ref>{{cite web|url=https://www.securityweek.com/23000-digital-certificates-revoked-digicert-trustico-spat|title=23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com|website=www.securityweek.com}}</ref><ref name="reg23k">{{cite web|url=https://www.theregister.co.uk/2018/03/01/trustico_digicert_symantec_spat/|title=23,000 HTTPS certs will be axed in next 24 hours after private keys leak|publisher=}}</ref><ref>{{cite web|url=https://news.ycombinator.com/item?id=16492284|title=How not to run a CA - Hacker News|website=news.ycombinator.com}}</ref> The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.<ref name="ars23k"/> |
It became notable in March 2018, after its CEO transferred the [[private key]]s for 23,000 [[HTTPS]] certificates via [[email]] (a non-secure protocol) to an executive at [[DigiCert]].<ref name="ars23k">{{cite web|url=https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/|title=23,000 HTTPS certificates axed after CEO emails private keys|publisher=}}</ref><ref>{{cite web|url=http://www.zdnet.com/article/trustico-compromises-own-customers-https-private-keys-in-spat-with-partner/|title=Trustico compromises own customers' HTTPS private keys in spat with partner|first=Zack|last=Whittaker|publisher=}}</ref><ref>{{cite web|url=https://www.securityweek.com/23000-digital-certificates-revoked-digicert-trustico-spat|title=23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com|website=www.securityweek.com}}</ref><ref name="reg23k">{{cite web|url=https://www.theregister.co.uk/2018/03/01/trustico_digicert_symantec_spat/|title=23,000 HTTPS certs will be axed in next 24 hours after private keys leak|publisher=}}</ref><ref>{{cite web|url=https://news.ycombinator.com/item?id=16492284|title=How not to run a CA - Hacker News|website=news.ycombinator.com}}</ref> The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.<ref name="ars23k"/> |
||
Revision as of 17:24, 12 March 2018
Company type | Private company |
---|---|
Industry | Internet security, Public key infrastructure |
Headquarters | , |
Trustico is a certificate reseller.
History
It became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (a non-secure protocol) to an executive at DigiCert.[2][3][4][1][5] The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.[2]
This was followed by the disclosure of a critical security flaw (a publicly accessible root shell) in the Trustico website, after which the website was taken offline.[6][7]
See also
References
1. "23,000 HTTPS certs will be axed in next 24 hours after private keys leak".
2. "23,000 HTTPS certificates axed after CEO emails private keys".
3. Whittaker, Zack. "Trustico compromises own customers' HTTPS private keys in spat with partner".
4. "23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com". www.securityweek.com.
5. "How not to run a CA - Hacker News". news.ycombinator.com.
6. "Trustico website goes dark after someone drops critical flaw on Twitter".
7. "HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed".