threat intelligence

Monitoring Certificate Transparency logs for fraudulent SSL certs with Scumblr

I read with interest this article by Facebook, about detecting (possibly) fraudulent SSL certificates being issued by CAs.

I wasn't previously aware of Google's Certificate Transparency initiative, but it seems like a good idea. Basically there exists a sort of blockchain of public, append-only logs of all SSL certs that are being issued (at least, where the CA is cooperating to publish that info?).

Tags: 

Subscribe to RSS - threat intelligence