Factsheets
Our factsheets provide constituents with insight into threats as well as accompanying solutions.
Vulnerability in SSL and TLS
In September 2011 a vulnerability in the SSL/TLS protocol was demonstrated. This protocol is used to set up secure connections between browsers and websites. Researchers were able to decrypt a cookie with which they gained unauthorized access to a secured website. The attached factsheet provides a high-level description of the nature and impact of this vulnerability.
DigiNotar certificates and machine-to-machine (M2M) communication
On 29 August 2011 it became known that a fraudulent DigiNotar security certificate was issued for Google.com, as a result of an intrusion. On 2 September the results of a more detailed examination by Fox-IT were shared with the government, upon which the government stopped trusting certificates issued by DigiNotar.
DigiNotar is an organisation of Dutch origin that generates and issues so-called SSL certificates. These certificates are used to identify websites and secure web traffic. The discovery of this fraudulent certificate has eventually caused various software vendors to stop trusting the DigiNotar Root Certificate Authority in their products.
A more extensive description of the current situation can be found in FS 2011-06. This fact sheet is specifically focused on the potential impact on machine-to-machine (M2M) communication and the steps you can take to reduce this impact.
Factsheet: Fraudulently issued security certificate discovered
On 29 August 2011 it became known that a fraudulent DigiNotar security certificate was issued for Google.com, as a result of an intrusion. DigiNotar is a Dutch company that issues, among other things, SSL certificates. These certificates are used for the identification of websites and protection of internet communication. The discovery of this fraudulent certificate has caused various browser vendors to stop trusting the DigiNotar Root Certificate Authority and DigiNotar sub root in their browsers. On September 2, the results of an investigation by Fox-IT were shared with the government, after which the government withdrew its trust in the DigiNotar certificates.
Factsheet Reduced security RSA SecurID products
On 17 March 2011, EMC's security division RSA announced it had become the victim of a targeted attack by hackers. The latter managed to gain access to internal RSA systems, including systems associated with the SecurID portfolio of security products. There is limited information on the nature of the data that has been obtained or the consequences of the attack on RSA SecurID customers. The attack may compromise the effectiveness of current implementations of RSA SecurID two-factor authentication. At the beginning of June, RSA announced that the information obtained during the attack in March had been used to support a targeted attack on Lockheed Martin.
This fact sheet explains how RSA SecurID works, provides an overview of the currently known facts, describes the consequences of the attack for RSA's products and outlines recommended mitigating measures.
Factsheet Secure on Social Networks
During the past few years, the popularity of social networks has grown tremendously. They have come to form an important part of our communication. Although social networks offer a useful and fun interactive platform for the exchange and provision of information, they also present various security and privacy risks. This factsheet offers you an overview of the risks involved in participation in social networks. We also discuss three popular methods of attack, as well as a number of measures that facilitate more secure use of social networks.