Security fail No. 7: PKI is brokenPublic Key Infrastructure is mathematically beautiful in every way. I love it, and I install a fair amount of PKI in businesses each year or improve on the ones they have. The problem is that many of PKIs are hideously configured, woefully insecure, and mostly ignored, even when they function perfectly in the public sector.
In the last year or two, we've seen several legitimate public Certification Authorities be horribly hacked. They've allowed hackers to gain access to their signing keys, which should have been protected more strongly than any other information in their environment, and to issue fraudulent keys for use by other hackers, malware, and possibly interested governments.
But even when PKI is perfect, remaining strong and unhacked, people don't care. Most end-users, when warned by their browser that the presented digital certificate is untrusted, can't wait to click the Ignore button. They're happy to bypass the security inconvenience and get on with their computing lives.
Part of the problem is that the websites and programs using digital certificates have been lackadaisical in their use, allowing certificate error messages to become an everyday occurrence. End-users who did not ignore digital certificate error messages would not be able to participate in a large segment of legitimate online life, sometimes including remote access to their own workplace systems. Browser vendors could enforce digital certificate errors so that any error, earned or mistaken, would result in the site or service not being presented, but customers would revolt and choose another browser. Instead, everyone blithely ignores our broken PKI system. On the whole, the masses don't care.
