Profile

unixronin: Galen the technomage, from Babylon 5: Crusade (Default)
Unixronin

Links

December 2012

S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829
3031     

Navigation

Page Summary

Most Popular Tags

Expand Cut Tags

No cut tags

"Compelled certificate creation attack"

unixronin: Galen the technomage, from Babylon 5: Crusade (Default)
[personal profile] unixronin
Friday, March 26th, 2010 05:39 pm

Security researchers point out that SSL (Secure Sockets Layer) is vulnerable to what they call the compelled certificate creation attack, in which a government agency (say, the NSA) or operative thereof coerces a certificate issuer (such as Verisign) to issue a falsified SSL certificate, which the agency can then use with certificate renegotiation to perform a transparent man-in-the-middle attack against SSL.

  • Current Location: Gilford, New Hampshire
  • Current Music: Yoko Kanno :: Ghost in the Shell Original Soundtrack :: Fish - Silent Cruise (07:29)
Tags:
Flat | Top-Level Comments Only

[identity profile] randwolf.livejournal.com
Friday, March 26th, 2010 10:17 pm (UTC)
Or the Russian Business Network. Hmpf.

ext_85396: (Default)
[identity profile] unixronin.livejournal.com
Friday, March 26th, 2010 10:49 pm (UTC)
Indeed. Or, as mentioned in the article, the Chinese top-level certificate issuer, already widely believed to be complicit in Chinese government spying.
Flat | Top-Level Comments Only