Home > slashdot > Government Could Forge SSL Certificates

Government Could Forge SSL Certificates

March 26th, 2010 03:14 admin Leave a comment Go to comments

FutureDomain writes “Is SSL becoming pointless? Researchers are poking holes in the chain of trust for SSL certificates which protect sensitive data. According to these hypothesized attacks, governments could compel certificate authorities to give them phony certificates that are signed by the CA, which are then used to perform man in the middle attacks. They point out that Verisign already makes large sums of money by facilitating the disclosure of US consumers’ private data to US government law enforcement. The researchers are developing a Firefox plugin (PDF) that checks past certificates and warns of anomalies in the issuing country, but not much can help if government starts spying on the secure connections of its own citizens.”

Source: Government Could Forge SSL Certificates

Related Articles:

  1. Dutch Government Revokes Diginotar Certificates
  2. SSL Certificates For Intranet Sites?
  3. Microsoft Revokes Trust In 28 of Its Own Certificates
  4. Another CA Issues False Certificates To Iran
  5. Hackers May Have Nabbed Over 200 SSL Certificates
blog comments powered by Disqus