25th March 2010
|
|
Tcpdump Spy
|
|
Join Date: Apr 2008
Location: Ireland
Posts: 2,245
|
|
New Research Suggests That Governments May Fake SSL Certificates
Quote:
This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are
then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.
|
News article
http://www.eff.org/deeplinks/2010/03...ments-fake-ssl
The paper
http://files.cloudprivacy.net/ssl-mitm.pdf
|