|
Title: Private I: Trust and verify for network certificate roots Post by: HCK on March 27, 2015, 03:00:16 pm Private I: Trust and verify for network certificate roots
<article> <section class="page"> <p> In a post on March 23, Google’s security team explained (http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html) that it had discovered that someone was delivering digital certificates to users for Google domains that weren’t authorized by Google. A quick investigation discovered that a Chinese certificate authority (CA), CNNIC, had improperly given a reseller enough power to create verifiable certificates for any domain in the world.</p><p> With a verifiable certificate, any seemingly secured web connection can be intercepted by a party that can insert a tap into a network point between the browser and the server. It’s bad.</p><p class="jumpTag"><a href="/article/2902173/private-i-trust-and-verify-for-network-certificate-roots.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: Private I: Trust and verify for network certificate roots (http://www.macworld.com/article/2902173/private-i-trust-and-verify-for-network-certificate-roots.html#tk.rss_all) |