Friday, March 25, 2011

Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?

MARCH 23RD, 2011
Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?
Technical Analysis by Peter Eckersley
On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates that posed a dire risk to Internet security. Based on currently available information, the incident got close to — but was not quite — an Internet-wide security meltdown. As this post will explain, these events show why we urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and email systems.
Read full article at:
https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https

Hat tip: EthanZ
- - -

Further Reading

Sudan to unleash cyber jihadists
From: www.bbc.co.uk - 23 March 2011 Last updated at 15:31
Sudan's ruling National Congress Party has warned that its "cyber jihadists" will "crush" internet-based dissent.

Panel discussion on internet and social change worldwide
From: Twitter / EthanZ - 23/03/2011 01:57
EthanZ: Hacking Our Way Back to Democracy: panel discussion on internet and social change worldwide at Ford's Wired for Change:
http://bit.ly/gMhB9b

"In Soviet Russia, Google Researches You"
From: Twitter / EthanZ - 24/03/2011 22:24
EthanZ: Blog post: "In Soviet Russia, Google Researches You" - reflections on a smart FM paper on Google personalization:
http://bit.ly/h5PuiK
- - -