Man-in-the-Middle Attack Against Google Demonstrates Dangerous Weakness of Certificate Authority
Source: EFF - Posted by Anthony Pell   
Cryptography What’s worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months. People all over the world use Google services for sensitive or private communications every day. Google enables encrypted connections to these services in order to protect users from spying by those who control the network, such as ISPs and governments. Today, the security of this encryption relies entirely on certificates issued by certificate authorities (CAs), which continue to prove vulnerable to attack. When an attacker obtains a fraudulent certificate, he can use it to eavesdrop on the traffic between a user and a website even while the user believes that the connection is secure.

Read this full article at EFF

Only registered users can write comments.
Please login or register.

Powered by AkoComment!