ContraRisk Security Podcast 0002: Keys, Certificates and Fast-Changing Websites
“A new report by the Ponemon Institute, sponsored by Venafi, has come up with some big, scary numbers in terms of the financial risk companies are running if they fail to get on top of this issue. And however you feel about such headline-friendly statistics, the fact is that there’s a real problem out there. Some of it is at the techie level: it’s all too easy to type ssh-keygen and grab yourself a key pair for some task at hand – such as SSH’ing into a remote server without all that tedious password stuff. Then you forget about the keys and leave them on some poorly secured, yet still Internet-connected, server just waiting to be discovered by your friendly neighbourhood hacker. However, according to Jeff Hudson, CEO of Venafi, the bigger problem is at the top of the organisation, where C-level executives haven’t even heard of SSH or SSL and have no clue as to how much the organisation is at risk if things go wrong.”