1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Russia creates its own TLS certificate authority to bypass sancti

    From TechnologyDaily@1337:1/100 to All on Fri Mar 11 11:45:04 2022
    Russia creates its own TLS certificate authority to bypass sanctions

    Date:
    Fri, 11 Mar 2022 11:26:30 +0000

    Description:
    If a website certificate is expired, the browser will display a message that the page the user wants to visit is insecure.

    FULL STORY ======================================================================

    Russia has formed a domestic trusted TLS certificate authority (CA) to help Russian sites renew their TLS certificates and continue providing services to their visitors.

    Before its invasion of Ukraine, websites based in Russia would pay international CAs for the renewal of their TLS certificates. However, since the invasion also resulted in heavy sanctions, signing authorities in these Western countries can no longer accept the payments, and therefore, cannot renew the certificates.

    If a website certificate is expired, the browser will display a message that the page the user wants to visit is insecure - and to work around this problem, Russian authorities have come up with a domestic CA. Two browsers recognize the new CA

    It will replace the foreign security certificate if it is revoked or expires, a rough translation of the announcement published on the Russian public services portal, Gosuslugi, reads. The Ministry of Digital Development will provide a free domestic analog. The service is provided to legal entities site owners upon request within 5 working days.

    All of this is not as easy as it sounds. A CA needs to be trusted by web browsers , and to get there - it needs to be vetted by various companies, as BleepingComputer puts it. That, it seems, cant happen overnight.

    As things stand now, only two browsers recognize the new CA as trustworthy: Yandex, and Atom. The former is Russia-based, while the latter is
    open-source. So far, Sberbank, VTB, and the Russian Central Bank, have received these new certificates, the publication states.

    Going forward, some 200 domains have been notified of the new TLS
    certificate, but as theyve not been made mandatory, theres no telling how
    long it will take for the companies to adopt them, or how many will do it, to begin with. Read more

    Ukraine wants Russia kicked off the internet


    ICANN rejects call to remove Russian domains from the Internet


    Russia could target Starlink users in Ukraine, warns Elon Musk

    The sanctions that came as the result of Russias invasion of Ukraine, are taking its toll on the invaders economy. Many services, such as PayPal, Visa, Mastercard, or even SWIFT, are unavailable in the country, while most of the Western retailers, such as Microsoft, Apple, Google, McDonalds, Coca-Cola,
    and many, many others, have pulled out.

    For experts at cybersecurity firm Venafi, the establishment of the new
    Russian CA also could create the possibility of a catastrophic single point
    of failure for Russian entities, as they see the CA as a clear strike at privacy and freedom online, as it gives the Russian government the power to spy on its citizens, and spoof any Western internet services.

    All of this should come as no surprise, says Kevin Bocek, Chief Security Strategist for Venafi.

    It is further escalation in conflict against an open Internet and an
    expansion of control over citizens. Russia is also locking itself out of the global economy and dimming the hopes of economic growth for current and
    future generations of Russian citizens.

    Its safe to assume that this new CA will be a primary target of Anonymous and other groups that are currently waging cyberattacks against Russian entities, adds Pratik Selva, Security Engineer at Venafi. Unlike the rest of the world, both government and private-sector Russian sites and infrastructure dont have a CAs, so this one goes down or is compromised every website connected to it will be disconnected from the internet until a new CA is created and new certificates can be issued. Here's our list of the best web hosting providers right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/russia-creates-its-own-tls-certificate-authorit y-to-bypass-sanctions/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)