How to stop/detect someone else registering for a new cert for my domain
With the proliferation of low-cost automated CAs, what can be done to mitigate the attack of someone doing a spear phishing attack to get a login to our webmail system, then using an automated service like RapidSSL to issue a new cert for widgetco.com to OverlyTrustingReceptionist@widgetco.com?
I am sure some eyebrows would be raised at RapidSSL if someone like google.com requested a cert; is there anything I can do too?