Digital Certificates are a foundational building block of the Internet. They are used to verify the identity of e-commerce sites, to confirm the authenticity of software, and to encrypt data. Not surprisingly, cyberattackers try to create fake Certificates or obtain the Private Keys for real ones in order to steal data or intercept communications. No one really worried about the Certificates themselves – until now. It seems the random numbers used to generate Certificates are sometimes the same.
A new report by AppViewX reveals various common shortcomings in public key infrastructure (PKI) management. Almost half (48%) of organizations are still using only passwords to protect their private keys, and 5% even stored private keys in unsecured documents. Just 41% used encryption for extra security. Furthermore, 30% of