Rogue SSL Certs Issued For CIA, MI6, Mossad
Orome1 writes with this excerpt from Help Net Security: "The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA's compromise — including the CIA, MI6 and Mossad. Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, Wordpress and many others."
well managed self-signed certs are safer (Score:4, Insightful)
At least you know how many and which certs were issued from an authority that you run yourself.
The chain of trust is only as strong as the weakest link in the chain.
Draw the consequences (Score:3, Insightful)
You can't trust the root CAs. The whole infrastructure is broken and needs to be replaced with something else.
For a start, web browsers should notify users if a certificate was replaced, even if the replacement is signed. And browsers shouldn't go into full panic mode over self-signed certs. They're still safer than using an unencrypted connection.
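As an added example (not from the thread or any of its posters) of the notification the commenter asks for: a trust-on-first-use pin check that flags a replaced certificate by its fingerprint, regardless of whether the replacement chains to a CA the browser trusts. The certificate bytes and the host name example.test are constructed stand-ins; fetch_live_der needs network access and is not used by demo().

```python
import hashlib
import json
import ssl
from pathlib import Path

# Constructed stand-ins for DER-encoded certificates (not real X.509 data);
# real DER comes from fetch_live_der() below or ssl.PEM_cert_to_DER_cert().
CERT_ORIGINAL = b"constructed DER bytes: original cert for example.test"
CERT_REPLACED = b"constructed DER bytes: replacement cert for example.test"

def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()

def check_pin(host: str, der_bytes: bytes, store: dict) -> str:
    """Trust-on-first-use comparison of a host's leaf certificate.

    Returns "new" on first sight (recording the fingerprint), "match" when
    unchanged, "CHANGED" otherwise. Only the fingerprint is compared, so a
    swapped certificate is flagged even if the replacement chains to a
    root the browser already trusts.
    """
    fp = fingerprint(der_bytes)
    seen = store.get(host)
    if seen is None:
        store[host] = fp
        return "new"
    return "match" if seen == fp else "CHANGED"

def load_store(path: Path) -> dict:
    """Pins persist as a JSON map of host -> fingerprint between runs."""
    return json.loads(path.read_text()) if path.exists() else {}

def save_store(path: Path, store: dict) -> None:
    path.write_text(json.dumps(store, indent=2, sort_keys=True))

def fetch_live_der(host: str, port: int = 443) -> bytes:
    """Leaf certificate presented by host:port, as DER (needs network)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def demo() -> list:
    """Three visits to one host: first sight, repeat visit, then a swap."""
    store = {}
    visits = [CERT_ORIGINAL, CERT_ORIGINAL, CERT_REPLACED]
    return [check_pin("example.test", der, store) for der in visits]
```

A "CHANGED" result is exactly the event the comment wants surfaced to the user; whether to accept the new certificate is then a separate decision, not something chain validation alone settles.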
Re:F-secure has a partial list (Score:4, Insightful)