SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, June 1st 2020

SANS ISC Handlers

Tech News, News, Technology

🗓️ 1 June 2020

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Sectigo CA; Sign in With Apple Flaw; DABANGG; FIDO @fidoalliance

Transcript

0:00.0

Hello, welcome to the Monday, June 1st, 2020 edition of the SANS Internet Storm Center's Stormcast.

0:07.1

My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:13.8

This weekend, the Sectigo AddTrust External Certificate Authority root was expiring.

0:23.7

Now, Sectigo, not really a household name,

0:33.0

but you may have heard of Comodo, which is essentially Sectigo, and the root CA that was expiring here was particularly used to cross-sign certificates. Whenever a new certificate authority starts up, there is of course that problem, the beginning, that nobody trusts that certificate authority yet.

0:46.3

Initially, for example, Let's Encrypt had this problem.

0:50.3

And the result or the solution here is that you can ask an already established, trusted

0:57.1

certificate authority to cross-sign your certificates. So now essentially there are two root

1:03.3

certificates that are used to sign your certificates. And then hopefully browsers will have

1:09.8

one of those root certificates in their trust store and use it.

1:14.8

Now, this particular Sectigo certificate authority was expiring on Saturday,

1:22.7

and in particular in the EDU space, it was heavily used,

1:27.0

but also some other Comodo in particular

1:29.8

derived certificates were cross-signed using this certificate authority, and in some cases

1:36.2

you may have been experiencing TLS errors as a result. The problem doesn't seem to be widespread

1:43.5

because there should also be that

1:46.0

second set of authority, but embedded devices, older operating systems or such that haven't been

1:53.7

updated with a new set of root certificates, they may still rely on this Sectigo AddTrust External CA for actually to verify

2:05.5

certificates. So if you experienced issues like this over the weekend, like Saturday is when

2:12.4

this certificate expired, well, you have to update your certificates; that's sort of one fix. Also, make sure that

2:20.6

on the client, the certificate trust store, basically keep all the trusted certificate authorities

2:25.7

is up to date. That's something that's typically being updated with operating system updates,

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
