the diginotar crisis
play

The DigiNotar crisis from incident response to crisis coordination - PowerPoint PPT Presentation

Apr 10, 2023 •336 likes •649 views

The DigiNotar crisis from incident response to crisis coordination Aart Jochem NCSC-NL FIRST Conference Malta - 18 June 2012 Wave 1 Wave 1 Early nineties: Phil Zimmerman releases PGP Photo Phill Zimmerman Pretty Good Privacy Early

  1. The DigiNotar crisis from incident response to crisis coordination Aart Jochem NCSC-NL FIRST Conference Malta - 18 June 2012

  2. Wave 1 Wave 1

  3. Early nineties: Phil Zimmerman releases PGP Photo Phill Zimmerman Pretty Good Privacy

  4. Early nineties: Whitfield Diffie works on public policy aspects of cryptography Photo Whitfield Diffie public policy aspects of cryptography

  6. Wave 2 Wave 2

  7. Memorandum Vulnerabilities on the Internet July 2001

  9. Wave 3 Wave 3

  10. Large scale incidents triggers also military respons Photo of Hillar Aarelaid Was it Hillar or John? Photo of John McCane in Die Hard 4

  12. PKI Policy Audit PA Revo- cation RA CA

  15. Video

  16. DigiNotar DigiNotar Public CA PKIOverheid CA Sub CA Sub CA Sub CA Sub CA

  18. DigiNotar d DigiNotar e Public CA PKIOverheid CA k c a H Sub CA Sub CA Sub CA Sub CA

  21. d DigiNotar DigiNotar d e Public CA PKIOverheid CA e k k c c a a H H Sub CA Sub CA Sub CA Sub CA

  23. From: Erik de Jong (GOVCERT.NL) From: Aart Jochem (GOVCERT.NL) Sent: vrijdag 2 september 2011 23:59 Sent: zaterdag 3 september 2011 23:51 To: Alle medewerkers GOVCERT.NL To: Alle medewerkers GOVCERT.NL Subject: De middernachtscrisishaiku Subject: RE: De middernachtscrisishaiku Het is tijd voor de traditionele [1] middernachtscrisishaiku. When trust revoked Computers silenced in rack Trust builds up slowly You and me remain SSL certificates *Poooof* trust gone like that Aart From: Bob (GOVCERT.NL) Sent: Maandag 5 september 2011 23:58 To: Alle medewerkers GOVCERT.NL [1] Elke traditie kent een begin. Subject: RE: De middernachtscrisishaiku GOVCERT.NL T +31 70 888 75 55 I www.govcert.nl Bits, elements of trust E info@govcert.nl PGP Fingerprint: 5EF4 6F80 7530 1583 E140 D918 Gateways to precious freedom BC24 36AC 1045 1333 Sorry, revoked Bob

  24. Building up a crisis Crisis Effort Parliament, *.google.com Hack fact finding, etc June July August Sept Oct No role yet Coörd Expert IR

  25. What’s next? What’s next?

  26. A PKI is a critical infrastructure • Treat it like one • Create awareness • Monitor the RA’s and CA’s • Strengthen oversight

  27. Manage certificate as assets • Have an inventory • Add to asset management system • Provide for backups

  28. Support secure techniques • Look into the new IETF draft RFC for Dane • Adopt DNSSEC

  29. PKI Browser Policy Audit PA suppliers Revo- cation CAB RA CA Forum

  30. Sum m ary • PKI is a critical infrastructure, treat it like one • Manage individual certificates as assets • Support development and implementation of secure techniques • Go through scenarios where your CA becomes untrusted

  31. The DigiNotar Crisis from incident response to crisis coordination Aart.Jochem @ ncsc.nl FI RST Conference Malta - 1 8 June 2 0 1 2

Recommend

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University of Illinois at Chicago & BEAST CBC attack. Technische Universiteit Eindhoven Trustwave HTTPS interception. CRIME compression attack. Lucky 13

1.3k views • 128 slides
Incidents of the Week Wikileaks disclosure of unedited cables DigiNotar fake certificates

Incidents of the Week Wikileaks disclosure of unedited cables DigiNotar fake certificates

Incidents of the Week Wikileaks disclosure of unedited cables DigiNotar fake certificates Wikileaks: What Happened Wikileaks disclosed unedited version of leaked cables to The Guardian Encrypted file was hidden in the

584 views • 45 slides
Mission Accomplished? HTTPS Security after DigiNotar Johanna Amann* ICSI / LBL / Corelight

Mission Accomplished? HTTPS Security after DigiNotar Johanna Amann* ICSI / LBL / Corelight

Mission Accomplished? HTTPS Security after DigiNotar Johanna Amann* ICSI / LBL / Corelight Oliver Gasser* Technical University of Munich Quirin Scheitle* Technical University of Munich Lexi Brent The University of Sydney Georg Carle

631 views • 39 slides
Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a

Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a

Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a European crisis. So now is the time that we as Europeans need to act decisively and effectively." Greek Prime Minister George Papandreou

155 views • 13 slides
Who we are. . What we do. The Crisis Response Network, Inc (CRN) operates a 24/7 crisis

Who we are. . What we do. The Crisis Response Network, Inc (CRN) operates a 24/7 crisis

Who we are. . What we do. The Crisis Response Network, Inc (CRN) operates a 24/7 crisis hotline and provides a continuum of services to anyone experiencing a crisis, including: 24/7 Crisis hotline 24/7 Peer operated warm line

209 views • 17 slides
CRISIS? WHAT CRISIS? How to avoid making a drama out of a crisis by Chris Green We can all spot

CRISIS? WHAT CRISIS? How to avoid making a drama out of a crisis by Chris Green We can all spot

CRISIS? WHAT CRISIS? How to avoid making a drama out of a crisis by Chris Green We can all spot a gaffe... The wrong type of snow Leaves on the line A good day to bury bad news I would like my life back Because

496 views • 15 slides
CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered by the terrorist

CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered by the terrorist

3/6/2018 Twelve Years of Turbulence: The Role of Lawyers During Times of Crisis Gary Kennedy Former Senior Vice President and General Counsel American Airlines CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered

228 views • 10 slides
Works For All The Global Economic Crisis Evolution of the Crisis A Bursting Housing Bubble.

Works For All The Global Economic Crisis Evolution of the Crisis A Bursting Housing Bubble.

An Economy That Works For All The Global Economic Crisis Evolution of the Crisis A Bursting Housing Bubble. A Global Credit Market Crisis. A Global Recession and Employment Crisis. Sovereign Debt Crisis. Fundamental Imbalances

147 views • 11 slides
Recovery in Crisis Intervention Tom Farebrother Registered Manager November 2014 Crisis

Recovery in Crisis Intervention Tom Farebrother Registered Manager November 2014 Crisis

Recovery in Crisis Intervention Tom Farebrother Registered Manager November 2014 Crisis Presentations: What are we dealing with? Presentation Clusters Crisis Interventions Constructive Journeys Through Crisis Case

274 views • 9 slides
Crisis and Crisis and Vulnerability Vulnerability ILO Crisis Response : Trainers Guide

Crisis and Crisis and Vulnerability Vulnerability ILO Crisis Response : Trainers Guide

SESSION Crisis and Vulnerability VI 1 Crisis and Crisis and Vulnerability Vulnerability ILO Crisis Response : Trainers Guide InFocus Programme on Crisis Response and Reconstruction IFP/CRISIS SESSION Crisis and Vulnerability VI

434 views • 16 slides
When it Hits the Fan: Preparing for the Worst By Alex Green Overview What is a Crisis

When it Hits the Fan: Preparing for the Worst By Alex Green Overview What is a Crisis

When it Hits the Fan: Preparing for the Worst By Alex Green Overview What is a Crisis Crisis Mgmt Framework Consider the Crisis Reactive or Proactive? Plan the Six Ps Putting it Together Group Exercise Crisis

593 views • 17 slides
The crisis of the euro-zone: EMU structural imbalances, the sovereign debt crisis and the response

The crisis of the euro-zone: EMU structural imbalances, the sovereign debt crisis and the response

The crisis of the euro-zone: EMU structural imbalances, the sovereign debt crisis and the response of the EU Professor Leila Simona Talani Kings College London Main points: The global financial crisis was an unprecedented blow to the

532 views • 10 slides
Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices

Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices

BEST PRACTICES IN CRISIS MANAGEMENT Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices Crisis Prevention Organizations must plan for crises or they are, de facto, planning to have a crisis.

417 views • 18 slides
Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood

Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood

Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood WHAT IS A CRISIS ? Personnel Crisis Systemic Crisis Contextual Crisis Why companies need crisis management plans 1. To plan strategic procedures

417 views • 24 slides
HOW WE CAN HELP? A SHORT SLIDE-SHOW ABOUT MIGRATION CRISIS AND A DISCUSSION REGARDING TO POSSIBLE

HOW WE CAN HELP? A SHORT SLIDE-SHOW ABOUT MIGRATION CRISIS AND A DISCUSSION REGARDING TO POSSIBLE

HOW WE CAN HELP? A SHORT SLIDE-SHOW ABOUT MIGRATION CRISIS AND A DISCUSSION REGARDING TO POSSIBLE SOLUTIONS OF HOW WE CAN SOLVE IT WHAT IS A MIGRATION CRISIS? The European migrant crisis, also known as the refugee crisis, is a period beginning

251 views • 12 slides
Considerations about the Crisis 1. Marx, Keynes, Crisis: A Reprise 2. US and European Economic

Considerations about the Crisis 1. Marx, Keynes, Crisis: A Reprise 2. US and European Economic

End of the economic crisis? The US and Europe in the light of Keynes and Marx Gary Dymski Professor, Economics Division Leeds University Business School 31 March 2014 University of Leeds Considerations about the Crisis 1. Marx, Keynes, Crisis:

680 views • 54 slides
TO SEE OR BECOME AWARE OF SOMETHING THAT HAS NOT YET HAPPENED TRAINING THE CRISIS IN CRISIS

TO SEE OR BECOME AWARE OF SOMETHING THAT HAS NOT YET HAPPENED TRAINING THE CRISIS IN CRISIS

TO SEE OR BECOME AWARE OF SOMETHING THAT HAS NOT YET HAPPENED TRAINING THE CRISIS IN CRISIS MANAGEMENT Klas Lindstrm Managing Director 4C Strategies Understand what you need to do to achieve your desired end state Understand Build your

521 views • 30 slides
Compassionate Approaches to Crisis Webinar Series Warmlines: Crisis and Supplemental Supports

Compassionate Approaches to Crisis Webinar Series Warmlines: Crisis and Supplemental Supports

Compassionate Approaches to Crisis Webinar Series Warmlines: Crisis and Supplemental Supports Jess Stohlmann-Rainey, Rocky Mountain Crisis Partners Shira Collings, Host, National Empowerment Center 1 Disclaimer This webinar was developed [in

462 views • 18 slides
The South African Institute of International Affairs (SAIIA), and The BRICS Policy Centre (BPC),

The South African Institute of International Affairs (SAIIA), and The BRICS Policy Centre (BPC),

UNDP PRESENTATION TO THE The South African Institute of International Affairs (SAIIA), and The BRICS Policy Centre (BPC), A heath A hea th crisis. crisis. A huma A human n crisis. crisis. A de A developme elopment nt crisis. crisis.

588 views • 16 slides
Security Crisis Management Emmanuel FUCHS Slides available soon at www.Elfuchs.Fr Crisis

Security Crisis Management Emmanuel FUCHS Slides available soon at www.Elfuchs.Fr Crisis

Security Crisis Management Emmanuel FUCHS Slides available soon at www.Elfuchs.Fr Crisis Management Crisis Definition Crisis Management Overview Crisis Management Process Risk Analysis Risk Analysis Case (quantitative )

1.21k views • 102 slides
Pittsburgh Bureau of Police Crisis I nte rve ntio n T e am E st. 2007 What is the Crisis

Pittsburgh Bureau of Police Crisis I nte rve ntio n T e am E st. 2007 What is the Crisis

Pittsburgh Bureau of Police Crisis I nte rve ntio n T e am E st. 2007 What is the Crisis Intervention Team? A cooperative effort between the PBP, Allegheny County Mental Health, State and County Corrections System. Crisis Intervention

920 views • 35 slides
1Q20 Results Presentation VEF and the Current Crisis This is just another crisis in emerging

1Q20 Results Presentation VEF and the Current Crisis This is just another crisis in emerging

1Q20 Results Presentation VEF and the Current Crisis This is just another crisis in emerging markets Gradual impact, time to prepare, positioned and ready Defense first, survive and then thrive VEF and its portfolio companies are well-funded

558 views • 19 slides
the opioid crisis (And how this context can support our thinking on the crisis) In the beginning

the opioid crisis (And how this context can support our thinking on the crisis) In the beginning

a short history of the opioid crisis (And how this context can support our thinking on the crisis) In the beginning Opioids have been around for a very long time Opium Early nineteenth century: Morphine 1874: Heroin invented

689 views • 35 slides
Help in Crisis - What is available and how to access help for your clients Gerry Cano CLAS

Help in Crisis - What is available and how to access help for your clients Gerry Cano CLAS

Help in Crisis - What is available and how to access help for your clients Gerry Cano CLAS Project Manager Sue Reynolds Senior Money Matters Advisor Help in a crisis A crisis can occur for lots of different reasons: Benefits

691 views • 47 slides

More recommend