DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th February 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default Trustwave issued a man-in-the-middle certificate

From http://h-online.com/-1429982

Quote:
Certificate authority Trustwave issued a certificate to a company allowing it to issue valid certificates for any server. This enabled the company to listen in on encrypted traffic sent and received by its staff using services such as Google and Hotmail. Trustwave has since revoked the CA certificate and vowed to refrain from issuing such certificates in future.

[snip]

This is the first case that we are aware of where a respectable certificate authority has enabled third parties to issue arbitrary SSL server certificates for monitoring purposes. Trustwave claims, however, that this is common practice among other root CAs.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 8th February 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default Mozilla considers removing Trustwave CA

From http://h-online.com/-1430998

Quote:
Scandalised by the snooping certificate issued by Trustwave, a heise Security reader, Sebastian Wiesinger, has submitted a report to Mozilla's bug database in which he requests that Trustwave's root certificates be removed from all Mozilla products. Mozilla's Kathleen Wilson, who handles the issue, has accepted the submission and requested a statement from Trustwave. Trustwave's Brian Trzupek has already announced the release of further information which, he says, is still waiting for internal approval.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 21st February 2012
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Thanked 9 Times in 8 Posts
Default

I believe it was Phil Zimmermann, father of PGP, who exclaimed widely and wisely that ...the second you involve a third party is the same second you lose the surety of privacy.

CAs are third parties. In a for profit monetized X509 space, certificate escrow and its variants is a quiet fact.

PGP never needed third parties, though in their day the key ring servers were considered administratively challenging -- a hurdle that likely would have been overcome had PGP gotten to the critical mass tipping point.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 22nd February 2012 at 03:12 AM. Reason: Spelling
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Further evidence of Certificate Authority break-ins J65nko News 0 27th October 2011 08:18 PM
Thinkpad T61 and middle button of the mousepad miggel13 OpenBSD Packages and Ports 15 17th August 2011 04:58 PM
High Severity BIND Vulnerability Advisory Issued J65nko News 2 24th February 2011 02:55 AM
OpenSSH 5.8 addresses legacy certificate signing vulnerability J65nko News 0 8th February 2011 01:29 AM
Pidgin MSN connection issues, invalid SSL Certificate chain TerryP Guides 5 8th December 2010 01:06 AM


All times are GMT. The time now is 08:55 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick