A Post Mortem on the Iranian DigiNotar Attack
Existing web browsers, email clients and operating systems depend on Certificate Authorities (CAs), and the SSL certificates they produce, in order to know that you are really visiting the domain that you intended to visit. If these certificates are false, someone in control of a network can tamper with and spy on connections. A hacker who gets a certificate for mail.google.com, for instance, will be able to steal people's Gmail passwords and hijack their accounts. A hacker who gets a certificate for addons.mozilla.org or *.microsoft.com might be able to install malicious software on victims' computers. In fact, these kinds of attacks against Gmail happened on a massive scale during July and August of this year.
To read more go to www.eff.org/deeplinks/
Existing web browsers, email clients and operating systems depend on Certificate Authorities (CAs), and the SSL certificates they produce, in order to know that you are really visiting the domain that you intended to visit. If these certificates are false, someone in control of a network can tamper with and spy on connections. A hacker who gets a certificate for mail.google.com, for instance, will be able to steal people's Gmail passwords and hijack their accounts. A hacker who gets a certificate for addons.mozilla.org or *.microsoft.com might be able to install malicious software on victims' computers. In fact, these kinds of attacks against Gmail happened on a massive scale during July and August of this year.
To read more go to www.eff.org/deeplinks/
