New Research Suggests That Governments May Fake SSL Certificates
Quote:
This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are
then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.
|
News article
http://www.eff.org/deeplinks/2010/03...ments-fake-ssl
The paper
http://files.cloudprivacy.net/ssl-mitm.pdf
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
|