Thread: Trustwave issued a man-in-the-middle certificate
View Single Post
  #1   (View Single Post)  
Old 7th February 2012
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Trustwave issued a man-in-the-middle certificate
From http://h-online.com/-1429982

Quote:
Certificate authority Trustwave issued a certificate to a company allowing it to issue valid certificates for any server. This enabled the company to listen in on encrypted traffic sent and received by its staff using services such as Google and Hotmail. Trustwave has since revoked the CA certificate and vowed to refrain from issuing such certificates in future.

[snip]

This is the first case that we are aware of where a respectable certificate authority has enabled third parties to issue arbitrary SSL server certificates for monitoring purposes. Trustwave claims, however, that this is common practice among other root CAs.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote