Well scrivened, crafted, reasoned, and timely blog post by Andrew Cook (writing at the Delta Risk - A Chertoff Company - blog). In which, impeccable advice is offered, on learning and avoiding pitfalls, targeting Incident Response - i.e., Successful Incident Response. This weeks' Must Read.
...and then there's this: Certstream, ostensibly, a near 'real-time' certificate transparency log stream (in this case an update stream that security engineers can plug-into their unholy workflow). Fundamentally, security administrators - through prudent autmomation - can take a gander at TLS/SSL certificates as those objects are issued in near 'real time' through the lens of Certstream. Really, a superb idea in the effort to afford transparecny to the entire arcane methodology that is SSL/TLS certification issuance. H/T
"Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:
- Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain.
- Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
- Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued. Certificate Transparency satisfies these goals by creating an open framework for monitoring the TLS/SSL certificate system and auditing specific TLS/SSL certificates." via.