Read:
- http://www.wired.com/threatlevel/2011/03/comodo-compromise
- https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
Recently a hacker with Iranian IP addresses managed to compromise a partner account at Comodo Group's CA and procured eight legitimate SSL cert for the following 6 respectable domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.
Web browser makers frantically tried to update browsers to exclude the bogus certificates and Mozilla managed to plead with a famous security researcher, Jacob Appelbaum to withold information from public before patches are sent out.
How secure is the CA trust model after all ? Considering the use of TOR network instead of centralised CA ?
Web browser makers frantically tried to update browsers to exclude the bogus certificates and Mozilla managed to plead with a famous security researcher, Jacob Appelbaum to withold information from public before patches are sent out.
How secure is the CA trust model after all ? Considering the use of TOR network instead of centralised CA ?
No comments:
Post a Comment