Fake Google subdomain certificates found in the wild
An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on "secure" connections to...
View ArticleClik here to view.
Symantec caught issuing rogue Google.com certificates
Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or...
View ArticleClik here to view.
Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for...
In September, Google caught Symantec issuing a fake google.com cryptographic certificate that could have been used to seamlessly intercept encrypted Google.com traffic. Symantec is one of the...
View ArticleClik here to view.
Using distributed code-signatures to make it much harder to order secret...
Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their...
View ArticleClik here to view.
Hack-attacks with stolen certs tell you the future of FBI vs Apple
Since 2014, Suckfly, a hacker group apparently based in Chengdu, China, has used at least 9 signing certs to make their malware indistinguishable from official updates from the vendor. (more…)
View ArticleGoogle: Chrome will no longer trust Symantec certificates, 30% of the web...
In 2012, Google rolled out Certificate Transparency, a clever system to spot corrupt "Certificate Authorities," the entities who hand out the cryptographic certificates that secure the web. If...
View ArticleCheating Chinese certificate authorities, caught by Certificate Transparency,...
In 2012, Google introduced Certificate Transparency, an internet-wide tripwire system designed to catch cryptographic "certificate authorities" who abused their position to produce counterfeit...
View Article4-10% of encrypted web connections are man-in-the-middled and intercepted
Cloudflare's joint research with "a large e-commerce site" and Mozilla found that between 4-10% of secure, encrypted web connections are "intercepted," largely by corporate antivirus software that...
View ArticleCEO of Trustico emails 23,000 HTTPS private keys, triggering panicked...
On Tuesday, the CEO of UK certificate reseller Trustico decided to settle an argument with Digicert executive VP Jeremy Rowley by emailing him the private keys for 23,000 TLS certificates that had...
View ArticleCreating a "coercion resistant" communications system
Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat...
View Article
