Sat. Jan 18th, 2020

Firefox browser trusts DarkMatter CA certificate to cause security industry controversy

2 min read

A few days ago, Firefox announced the latest approval list for the latest trusted certificates, including the intermediate certificate named QUOVADIS. The actual QUOVADIS intermediate certificate is a sub-certificate of the DIGICERT group of companies, and DIGICERT is the world’s most well-known root certificate issuing agency. However, the security industry has started to fire on Firefox browsers because QUOVADIS also cross-certifies DarkMatter indirectly.

The Firefox browser caused shelling this time because the cross-validated United Arab Emirates DarkMatter was accused of being involved in spy organizations. Reuters reported that there is a government-led cyberespionage organization in the UAE, and DarkMatter Cyber ‚ÄčSecurity is associated with the spy organization. HTTPS is the basic security facility currently used by the world. If Dark Matter issues a fake certificate, it can decrypt HTTPS traffic. Based on this security industry expert, Dark Matter’s certificate itself should not be trusted, but now they are through cross-validation to achieve certificate trust.

Currently, cross-validated is just the initial action of DarkMatter, and the company is currently applying for direct trust from the Firefox Root Certificate Trust Series. DarkMatter is committed to adding a transparency log to all TLS certificates, and the Transparency Log allows global security agencies to monitor certificate issuance in real time. But even so promised to commit to the security industry is still worried about similar incidents like Symantec, many false certificates were quietly issued and undiscovered. Unlike the nature of Symantec, the cyber espionage organization is even more harmful, so there is doubt in the DarkMatter certificate.

Via: bleepingcomputer