Quotulatiousness

March 24, 2011

Online security: compromised HTTPS certificates

Filed under: Technology — Tags: , , , — Nicholas @ 09:25

Iranian hackers (or someone trying to cast blame on Iran) managed to get a number of HTTPS certificates issued under false colours:

On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates that posed a dire risk to Internet security. Based on currently available information, the incident got close to — but was not quite — an Internet-wide security meltdown. As this post will explain, these events show why we urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and email systems.

[. . .]

Comodo also said that the attack came primarily from Iranian IP addresses, and that one of the fraudulent login.yahoo.com certs was briefly deployed on a webserver in Iran.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress