Powersellersunite Power Sellers Unite
Bringing Buyers and Sellers Together
 

The Swift Erosion of Online Trust
Click here to go to the original topic

 
       Power Sellers Unite Forum Index -> Scams, Frauds, and Phishing
::  
Author Message
elgato



Joined: 24 Feb 2005
Posts: 17240
Location: Texas
Posted: Wed Sep 14, 2011 8:33 am    Post subject: The Swift Erosion of Online Trust  
The break-in and theft of security certificates from a Dutch authority brought home, once again, how vulnerable Web browsers can be to hackers pretending to be who they're not.

The authority, DigiNotar, is one of many that issue security certificates for websites. The digital certificates tell a browser to "trust" content coming from a certain site. Certificates for such sites are preloaded into most browsers. If something goes awry at the certificate issuing authority, browser makers usually need to patch their products to address the problem. That can open a window of opportunity for certificate thieves.

What the hacker or hackers did in the DigiNotar case was break into the authority and issue certificates to themselves for popular websites, such as Google (Nasdaq: GOOG). Although the stolen certificates were quickly revoked, one managed to make it to the wild.

"That's the first time that's ever happened that we've known about," Seth Schoen a senior staff technologist with the Electronic Frontier Foundation, told TechNewsWorld.

By using the certificate to set up a server and intercept traffic headed toward a legitimate website, the hacker was able to stage a classic man-in-the-middle attack.

"Someone in Iran was able to spy on hundreds of thousands of people's communications with Google," Schoen said.

http://www.technewsworld.com/story/The-Swift-Erosion-of-Online-Trust-73265.html
Back to top  
 
       Power Sellers Unite Forum Index -> Scams, Frauds, and Phishing
Page 1 of 1




Powered by phpBB © 2001, 2002 phpBB Group