Jump to content

Trustico: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Undid revision 921670515 by Kellymorison (talk) WP:SPAM
correct date format and syntax for UK subject, grammar, wording, tense
Line 14: Line 14:
| intl =
| intl =
| area_served =
| area_served =
}}Trustico is a dedicated [[SSL certificate|SSL Certificate]] Provider headquartered in the [[United Kingdom]].
}}Trustico is a dedicated [[SSL certificate|SSL Certificate]] Provider, whose headquarters are in the [[United Kingdom]].


==History==
==History==
The company was founded in 2006 in United Kingdom by Zane Lucas. They gradually spread around the world over the following years. The firm currently operates entirely in the selling of SSL Certificates.<ref>{{Cite web|url=https://www.crunchbase.com/organization/trustico#section-locked-charts|title=Trustico {{!}} Crunchbase|website=Crunchbase|language=en|access-date=2018-09-24}}</ref>
The company was founded in 2006 in United Kingdom by Zane Lucas. They gradually spread around the world over the following years. The firm currently operates entirely in the selling of SSL Certificates.<ref>{{Cite web|url=https://www.crunchbase.com/organization/trustico#section-locked-charts|title=Trustico {{!}} Crunchbase|website=Crunchbase|language=en|access-date=2018-09-24}}</ref>


In June 22, 2017, Trustico enters a Partnership with [[Comodo Group|Comodo]], a developer of [[Computer security|cyber security]] solutions{{solution-inline|date=August 2019}} and [[Public key certificate|digital certificates.]]<ref>{{Cite web|url=https://www.prnewswire.com/news-releases/comodo-and-trustico-team-up-in-strategic-worldwide-partnership-300478084.html|title=Comodo and Trustico Team Up in Strategic Worldwide Partnership|website=www.prnewswire.com|language=en|access-date=2018-09-24}}</ref><ref>{{Cite news|url=https://news.webhosting.info/strategic-global-partnership-announced-between-comodo-and-trustico/|title=Strategic global partnership announced between Comodo and Trustico - News @ WebHosting.info|date=2017-06-23|work=News @ WebHosting.info|access-date=2018-09-24|language=en-US}}</ref>
On 22 June 2017 Trustico entered a Partnership with [[Comodo Group|Comodo]], a developer of [[Computer security|cyber security]] solutions{{solution-inline|date=August 2019}} and [[Public key certificate|digital certificates.]]<ref>{{Cite web|url=https://www.prnewswire.com/news-releases/comodo-and-trustico-team-up-in-strategic-worldwide-partnership-300478084.html|title=Comodo and Trustico Team Up in Strategic Worldwide Partnership|website=www.prnewswire.com|language=en|access-date=2018-09-24}}</ref><ref>{{Cite news|url=https://news.webhosting.info/strategic-global-partnership-announced-between-comodo-and-trustico/|title=Strategic global partnership announced between Comodo and Trustico - News @ WebHosting.info|date=2017-06-23|work=News @ WebHosting.info|access-date=2018-09-24|language=en-US}}</ref>


The company became notable in March 2018, after its CEO transferred the [[private key]]s for 23,000 [[HTTPS]] certificates via [[email]] (a non-secure protocol) to an executive at [[DigiCert]].<ref name="ars23k">{{cite web|url=https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/|title=23,000 HTTPS certificates axed after CEO emails private keys|publisher=}}</ref><ref>{{cite web|url=http://www.zdnet.com/article/trustico-compromises-own-customers-https-private-keys-in-spat-with-partner/|title=Trustico compromises own customers' HTTPS private keys in spat with partner|first=Zack|last=Whittaker|publisher=}}</ref><ref name=":0">{{cite web|url=https://www.securityweek.com/23000-digital-certificates-revoked-digicert-trustico-spat|title=23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com|website=www.securityweek.com}}</ref><ref name="reg23k">{{cite web|url=https://www.theregister.co.uk/2018/03/01/trustico_digicert_symantec_spat/|title=23,000 HTTPS certs will be axed in next 24 hours after private keys leak|publisher=The Register|access-date=11 September 2018}}</ref><ref>{{cite web|url=https://news.ycombinator.com/item?id=16492284|title=How not to run a CA - Hacker News|website=news.ycombinator.com}}</ref> The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.<ref name="ars23k" />
The company became notable in March 2018, after its CEO transferred the [[private key]]s for 23,000 [[HTTPS]] certificates via [[email]] (a non-secure protocol) to an executive at [[DigiCert]].<ref name="ars23k">{{cite web|url=https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/|title=23,000 HTTPS certificates axed after CEO emails private keys|publisher=}}</ref><ref>{{cite web|url=http://www.zdnet.com/article/trustico-compromises-own-customers-https-private-keys-in-spat-with-partner/|title=Trustico compromises own customers' HTTPS private keys in spat with partner|first=Zack|last=Whittaker|publisher=}}</ref><ref name=":0">{{cite web|url=https://www.securityweek.com/23000-digital-certificates-revoked-digicert-trustico-spat|title=23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com|website=www.securityweek.com}}</ref><ref name="reg23k">{{cite web|url=https://www.theregister.co.uk/2018/03/01/trustico_digicert_symantec_spat/|title=23,000 HTTPS certs will be axed in next 24 hours after private keys leak|publisher=The Register|access-date=11 September 2018}}</ref><ref>{{cite web|url=https://news.ycombinator.com/item?id=16492284|title=How not to run a CA - Hacker News|website=news.ycombinator.com}}</ref> The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.<ref name="ars23k" />
Line 32: Line 32:


=== Symantec abandonment, 2018 ===
=== Symantec abandonment, 2018 ===
Following [[Google|Google's]] statement, on September 11, 2017, to distrust [[Symantec|Symantec's]] SSL Certificates for unsatisfactory security standards.<ref>{{Cite news|url=https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html|title=Chrome’s Plan to Distrust Symantec Certificates|work=Google Online Security Blog|access-date=2018-09-24|language=en-US}}</ref><ref>{{Cite news|url=https://hackernoon.com/google-distrust-of-symantec-ssl-certificates-why-is-it-important-9a5bb35a35f5|title=Google distrust of Symantec SSL certificates. Why is it important?|date=2018-04-16|work=Hacker Noon|access-date=2018-09-24}}</ref> Trustico followed suit in abandoning Symantec issued SSL Certificates.<ref>{{Cite news|url=https://www.enterprisetimes.co.uk/2018/02/19/trustico-abandons-symantec-ssl-certificates/|title=Trustico abandons Symantec SSL certificates -|date=2018-02-19|work=Enterprise Times|access-date=2018-09-24|language=en-GB}}</ref><ref>{{Cite news|url=https://www.businesswire.com/news/home/20180214006519/en/Trustico%C2%AE-Abandons-Symantec%C2%AE-SSL-Certificates|title=Trustico® Abandons Symantec® SSL Certificates|access-date=2018-09-24|language=en}}</ref> Trustico offered replacements to all Symantec [[Certificate authority|CA]] Certificates issued between June 2016 and December 2017 in compensation for those affected by the abandonment.<ref name=":0" />
Following [[Google|Google's]] statement, on 11 September 2017, to distrust [[Symantec|Symantec's]] SSL Certificates for unsatisfactory security standards.<ref>{{Cite news|url=https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html|title=Chrome’s Plan to Distrust Symantec Certificates|work=Google Online Security Blog|access-date=2018-09-24|language=en-US}}</ref><ref>{{Cite news|url=https://hackernoon.com/google-distrust-of-symantec-ssl-certificates-why-is-it-important-9a5bb35a35f5|title=Google distrust of Symantec SSL certificates. Why is it important?|date=2018-04-16|work=Hacker Noon|access-date=2018-09-24}}</ref> Trustico followed suit in abandoning Symantec issued SSL Certificates.<ref>{{Cite news|url=https://www.enterprisetimes.co.uk/2018/02/19/trustico-abandons-symantec-ssl-certificates/|title=Trustico abandons Symantec SSL certificates -|date=2018-02-19|work=Enterprise Times|access-date=2018-09-24|language=en-GB}}</ref><ref>{{Cite news|url=https://www.businesswire.com/news/home/20180214006519/en/Trustico%C2%AE-Abandons-Symantec%C2%AE-SSL-Certificates|title=Trustico® Abandons Symantec® SSL Certificates|access-date=2018-09-24|language=en}}</ref> Trustico offered replacements to all Symantec [[Certificate authority|CA]] Certificates issued between June 2016 and December 2017 in compensation for those affected by the abandonment.<ref name=":0" />


=== DigiCert and Trustico spat, 2018 ===
=== DigiCert and Trustico spat, 2018 ===
On February 2, Trustico sends an email to DigiCert requesting the revocation of all Symantec Certificates - around 50,000 - managed by DigiCert. DigiCert, who had recently acquired Symantec's<ref>{{Cite news|url=https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html|title=Distrust of the Symantec PKI: Immediate action needed by site operators|work=Google Online Security Blog|access-date=2018-09-24|language=en-US}}</ref><ref>{{Cite news|url=https://blog.comodo.com/comodo-news/certain-death-for-symantec-branded-certificates/|title=Symantec to sell SSL certificate and PKI business to DigiCert|date=2017-08-03|work=Comodo News and Internet Security Information|access-date=2018-09-24|language=en-US}}</ref><ref>{{Cite news|url=https://www.bleepingcomputer.com/news/business/symantec-sells-ssl-business-to-digicert-for-950m-in-cash-and-30-percent-shares/|title=Symantec Sells SSL Business to DigiCert for $950M in Cash and 30% Shares|work=BleepingComputer|access-date=2018-09-24|language=en-us}}</ref> CA business denies the request to mass-revoke the certificates. On February 25, DigiCert terminates its contract with Trustico after Trustico said it would seek a legal opinion on the matter.<ref name=":1">{{Cite news|url=https://www.bleepingcomputer.com/news/security/23-000-users-lose-ssl-certificates-in-trustico-digicert-spat/|title=23,000 Users Lose SSL Certificates in Trustico-DigiCert Spat|work=BleepingComputer|access-date=2018-09-24|language=en-us}}</ref>
On 2 February Trustico sent an email to DigiCert requesting the revocation of all Symantec Certificates - around 50,000 - managed by DigiCert. DigiCert, who had recently acquired Symantec's<ref>{{Cite news|url=https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html|title=Distrust of the Symantec PKI: Immediate action needed by site operators|work=Google Online Security Blog|access-date=2018-09-24|language=en-US}}</ref><ref>{{Cite news|url=https://blog.comodo.com/comodo-news/certain-death-for-symantec-branded-certificates/|title=Symantec to sell SSL certificate and PKI business to DigiCert|date=2017-08-03|work=Comodo News and Internet Security Information|access-date=2018-09-24|language=en-US}}</ref><ref>{{Cite news|url=https://www.bleepingcomputer.com/news/business/symantec-sells-ssl-business-to-digicert-for-950m-in-cash-and-30-percent-shares/|title=Symantec Sells SSL Business to DigiCert for $950M in Cash and 30% Shares|work=BleepingComputer|access-date=2018-09-24|language=en-us}}</ref> CA business denies the request to mass-revoke the certificates. On 25 February DigiCert terminated its contract with Trustico after Trustico said it would seek a legal opinion on the matter.<ref name=":1">{{Cite news|url=https://www.bleepingcomputer.com/news/security/23-000-users-lose-ssl-certificates-in-trustico-digicert-spat/|title=23,000 Users Lose SSL Certificates in Trustico-DigiCert Spat|work=BleepingComputer|access-date=2018-09-24|language=en-us}}</ref>


On February 27, DigiCert releases a statement claiming they had received an email from Trustico containing over 23,000 private keys before mass emailing Trustico's customers about the security breach.<ref name="ars23k" /><ref name=":1" />
On 27 February DigiCert released a statement claiming they had received an email from Trustico containing over 23,000 private keys before mass emailing Trustico's customers about the security breach.<ref name="ars23k" /><ref name=":1" />


== See also ==
== See also ==

Revision as of 09:29, 21 October 2019

Trustico
Company typePrivate company
IndustryInternet security, Public key infrastructure
Headquarters,

Trustico is a dedicated SSL Certificate Provider, whose headquarters are in the United Kingdom.

History

The company was founded in 2006 in United Kingdom by Zane Lucas. They gradually spread around the world over the following years. The firm currently operates entirely in the selling of SSL Certificates.[2]

On 22 June 2017 Trustico entered a Partnership with Comodo, a developer of cyber security solutions[buzzword] and digital certificates.[3][4]

The company became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (a non-secure protocol) to an executive at DigiCert.[5][6][7][1][8] The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.[5]

This was followed by the disclosure of a critical security flaw – a publicly accessible root shell – in the Trustico website, after which the website was taken offline.[9][10] The result was that thousands of Trustico customers had their security certificates revoked by DigiCert.[1]

Products

  • SSL Certificates

Controversies

Symantec abandonment, 2018

Following Google's statement, on 11 September 2017, to distrust Symantec's SSL Certificates for unsatisfactory security standards.[11][12] Trustico followed suit in abandoning Symantec issued SSL Certificates.[13][14] Trustico offered replacements to all Symantec CA Certificates issued between June 2016 and December 2017 in compensation for those affected by the abandonment.[7]

DigiCert and Trustico spat, 2018

On 2 February Trustico sent an email to DigiCert requesting the revocation of all Symantec Certificates - around 50,000 - managed by DigiCert. DigiCert, who had recently acquired Symantec's[15][16][17] CA business denies the request to mass-revoke the certificates. On 25 February DigiCert terminated its contract with Trustico after Trustico said it would seek a legal opinion on the matter.[18]

On 27 February DigiCert released a statement claiming they had received an email from Trustico containing over 23,000 private keys before mass emailing Trustico's customers about the security breach.[5][18]

See also

References

  1. ^ a b c d "23,000 HTTPS certs will be axed in next 24 hours after private keys leak". The Register. Retrieved 11 September 2018.
  2. ^ "Trustico | Crunchbase". Crunchbase. Retrieved 2018-09-24.
  3. ^ "Comodo and Trustico Team Up in Strategic Worldwide Partnership". www.prnewswire.com. Retrieved 2018-09-24.
  4. ^ "Strategic global partnership announced between Comodo and Trustico - News @ WebHosting.info". News @ WebHosting.info. 2017-06-23. Retrieved 2018-09-24.
  5. ^ a b c "23,000 HTTPS certificates axed after CEO emails private keys".
  6. ^ Whittaker, Zack. "Trustico compromises own customers' HTTPS private keys in spat with partner".
  7. ^ a b "23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com". www.securityweek.com.
  8. ^ "How not to run a CA - Hacker News". news.ycombinator.com.
  9. ^ "Trustico website goes dark after someone drops critical flaw on Twitter".
  10. ^ "HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed".
  11. ^ "Chrome's Plan to Distrust Symantec Certificates". Google Online Security Blog. Retrieved 2018-09-24.
  12. ^ "Google distrust of Symantec SSL certificates. Why is it important?". Hacker Noon. 2018-04-16. Retrieved 2018-09-24.
  13. ^ "Trustico abandons Symantec SSL certificates -". Enterprise Times. 2018-02-19. Retrieved 2018-09-24.
  14. ^ "Trustico® Abandons Symantec® SSL Certificates". Retrieved 2018-09-24.
  15. ^ "Distrust of the Symantec PKI: Immediate action needed by site operators". Google Online Security Blog. Retrieved 2018-09-24.
  16. ^ "Symantec to sell SSL certificate and PKI business to DigiCert". Comodo News and Internet Security Information. 2017-08-03. Retrieved 2018-09-24.
  17. ^ "Symantec Sells SSL Business to DigiCert for $950M in Cash and 30% Shares". BleepingComputer. Retrieved 2018-09-24.
  18. ^ a b "23,000 Users Lose SSL Certificates in Trustico-DigiCert Spat". BleepingComputer. Retrieved 2018-09-24.