[cabfpub] Fwd: SANS NewsBites Vol. 15 Num. 042 : NSA/CyberCom To Get Green Light to Respond to Cyber Attack; Iranians Targeting US Energy Companies ICS; Chinese Hackers Stole US Weapons Systems Designs
Rick_Andrews at symantec.com
Wed May 29 08:03:05 MST 2013
>From the SANS Newsletter this week.
Good publicity, although only the editorial comment explains why this is happening.
Begin forwarded message:
> --Google Will Upgrade SSL Encryption Keys
> (May 24, 2013)
> By the end of 2013, Google plans to upgrade all of its SSL certificates
> to 2048-bit keys. The change is scheduled to begin in August. Google
> plans to upgrade its root certificate as well. Certain client software
> embedded in devices like phones, gaming consoles, and cameras could run
> into problems with the upgrade; Google has offered advice to help
> mitigate those issues.
> [Editor's Note (Pescatore): I think the CA Browser Forum is requiring
> all CAs to do this by YE2013. Growth in processing power over time,
> combined with advances in crypto attacks that shorten brute force
> attacks, means crypto strengths will always have to increase over time.
> SSL in practice needs more than longer keys - the switchover to longer
> lengths will drive client/server side software upgrades that need to
> address various validity checking and revocation issues. But, the
> security of CAs needs to be addressed in a big way, too.]
More information about the Public