Thread: New Research Suggests That Governments May Fake SSL Certificates
View Single Post
  #1   (View Single Post)  
Old 25th March 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
  
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default New Research Suggests That Governments May Fake SSL Certificates
Quote:
This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are
then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.
News article
http://www.eff.org/deeplinks/2010/03...ments-fake-ssl

The paper
http://files.cloudprivacy.net/ssl-mitm.pdf
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote