URL: https://www.darkreading.com/dr-tech/search-ct-logs-for-misconfigured-ssl-certificates
SEARCH CT LOGS FOR MISCONFIGURED SSL CERTIFICATES

Security defenders can run these queries against Certificate Transparency logs
to identify misconfigured SSL certificates before they can be used by
adversaries to map out attacks.
Dark Reading Staff
Dark Reading
November 19, 2021
Source: Geralt via Pixabay


Recent research revealed how enterprises can make mistakes while deploying
security certificates and inadvertently expose company information to malicious
actors, but this Tech Tip illustrates how to identify misconfigured certificates
before they can cause any issues.



SSL/TLS certificates are issued by certificate authorities to authenticate and
secure browser connections. Encryption ensures malicious actors are not able to
steal, eavesdrop, or manipulate the online communications while in transit
during those browser sessions.

In an analysis of over 900 million public SSL/TLS certificates and associated
events, researchers from Detectify Labs discovered that many certificates were
exposing information that attackers could use to map out the attack surface, or
were misconfigured in ways attackers could take advantage of. Domain owners need
to continually monitor their SSL certificates for weaknesses or suspicious
behavior before they are abused by attackers, says Fredrik Nordberg Almroth,
co-founder and security researcher at Detectify.

Track Misconfigured Certs With CT



Certificate Transparency, an open framework for auditing certificates, is one
way to find certificates that may be exposing too much information or have been
misconfigured, Almroth says. Since CT logs are publicly available, public search
tools, such as the web interface crt.sh or Censys.io, can be used to query
for certificates and the information they contain.



Tools such as crt.sh and Censys let domain owners search for a given domain and
collect various subdomains and email addresses that are associated with the
domain, Almroth says. One way to identify old and insecurely signed certificates
is to run search queries for weak hash algorithms on Censys.

 * A search for certificates that use the cryptographically broken but still
   widely used "MD5" algorithm
 * A search showing results for certificates using the SHA-1 algorithm

"There are several ways an attacker could use public information about SSL/TLS
certificates to map out a company's attack surface to understand where the
weaknesses are," Almroth wrote in a summary of the team's research.

Certificates Expose Too Much Info

Detectify Labs researchers discovered that the “overwhelming majority of newly
certified domains” had names descriptive enough to reveal potentially sensitive
information. The names could help an attacker map out different systems and
applications in the company’s environment or identify specific teams and
projects to target in social engineering campaigns. If the domain name refers to
a product still in development, that fact could tip off the existence of the
product to competitors and allow them to potentially undermine the product
before it comes to market.

Information about the certificates, such as their expiration date or the
algorithm used to sign them, could also create new entry points
into the organization's infrastructure, the researchers said in the Detectify
report. For example, an attacker could create another certificate with the same
signature and masquerade as the targeted service and intercept online
communications.



Finally, about 13% of the data set analyzed by the researchers used wildcard
certificates, which are susceptible to Application Layer Protocols Allowing
Cross-Protocol Attacks (ALPACA). ALPACA can be used to trick servers with
unencrypted protocols to execute cross-site scripting attacks or to steal
cookies and user data.
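The checks described under "Track Misconfigured Certs With CT" and the wildcard
finding above can be run by a domain owner over an export of their own CT
results. The sketch below is an added example, not code from Dark Reading or
Detectify. It assumes records shaped like crt.sh JSON output (id, name_value,
not_after) plus a hypothetical sig_alg field filled in from the parsed
certificate; all sample values are constructed.

```python
from datetime import datetime, timezone

WEAK_HASHES = ("md5", "sha1")  # hash families the article flags as weak

# Constructed sample records for a domain you own. "sig_alg" is a hypothetical
# field: crt.sh JSON does not carry it, so it must come from the parsed cert.
SAMPLE = [
    {"id": 1001, "name_value": "legacy-vpn.example.com",
     "not_after": "2020-06-30T23:59:59", "sig_alg": "sha1WithRSAEncryption"},
    {"id": 1002, "name_value": "*.example.com\nexample.com",
     "not_after": "2022-03-01T00:00:00", "sig_alg": "sha256WithRSAEncryption"},
    {"id": 1003, "name_value": "payments-staging.example.com",
     "not_after": "2022-01-15T00:00:00", "sig_alg": "ecdsa-with-SHA256"},
    {"id": 1004, "name_value": "intranet.example.com",
     "not_after": "2019-01-01T00:00:00", "sig_alg": "md5WithRSAEncryption"},
]
NOW = datetime(2021, 12, 1, tzinfo=timezone.utc)  # fixed for a repeatable run


def audit(records, now):
    """Return {cert id: [issues]} for certificates that need attention."""
    findings = {}
    for rec in records:
        names = rec["name_value"].split("\n")  # one DNS name per line
        alg = rec["sig_alg"].lower().replace("-", "")
        issues = []
        if any(h in alg for h in WEAK_HASHES):
            issues.append("weak-signature-hash")
        if any(n.startswith("*.") for n in names):
            issues.append("wildcard")
        expiry = datetime.fromisoformat(rec["not_after"]).replace(tzinfo=timezone.utc)
        if expiry < now:
            issues.append("expired")
        if issues:
            findings[rec["id"]] = issues
    return findings


def exposed_names(records):
    """Every hostname the logs reveal: the inventory to review for leaks."""
    return sorted({n for r in records for n in r["name_value"].split("\n")})


if __name__ == "__main__":
    for cert_id, issues in audit(SAMPLE, NOW).items():
        print(cert_id, ", ".join(issues))
    print("publicly visible names:", exposed_names(SAMPLE))
```
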

"SSL/TLS certificates make the internet a safer place, but many companies are
unaware that their certificates can become a looking glass into the organization
-- potentially leaking confidential information and creating new entry points
for attackers," the researchers said.


