Government Could Forge SSL Certificates

Government Could Forge SSL Certificates 168

Posted by Soulskill on Friday March 26, 2010 @10:14AM from the bureaucrat-in-the-middle dept.

FutureDomain writes "Is SSL becoming pointless? Researchers are poking holes in the chain of trust for SSL certificates which protect sensitive data. According to these hypothesized attacks, governments could compel certificate authorities to give them phony certificates that are signed by the CA, which are then used to perform man in the middle attacks. They point out that Verisign already makes large sums of money by facilitating the disclosure of US consumers' private data to US government law enforcement. The researchers are developing a Firefox plugin (PDF) that checks past certificates and warns of anomalies in the issuing country, but not much can help if government starts spying on the secure connections of its own citizens."

Government Could Forge SSL Certificates

This discussion has been archived. No new comments can be posted.

Search 168 Comments Log In/Create an Account

Comments Filter:

SSL / HTTPS (Score:2, Funny)

by bbroerman ( 715822 ) writes: on Friday March 26, 2010 @10:25AM (#31625884) Homepage

One more nail in the coffin... (See http://nearlyperfectsoftware.com/secureajax.html [nearlyperf...ftware.com] for other hacks). Good thing I'm working on a protocol and libraries / utilities that can be used to replace it for all of my work, and my clients... Starting with a secure ajax framework, then on to things like POP, IMAP, SMTP, FTP, Telnet, etc. Should be cool once I get them all done.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Government Could Forge SSL Certificates 168

Government Could Forge SSL Certificates More Login

Government Could Forge SSL Certificates

SSL / HTTPS (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot