[ NNSquad ] Risks of unqualified security certs

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Risks of unqualified security certs

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] Risks of unqualified security certs
From: Lauren Weinstein <lauren@vortex.com>
Date: Wed, 6 Apr 2011 10:39:33 -0700

Risks of unqualified security certs

http://j.mp/fgisx7  (threatpost)

     The data that the EFF analyzed came from the group's SSL Observatory
     database, which compiles information on all of the certificates used
     on the Web. After looking through the database, Chris Palmer of the
     EFF discovered that CAs have issued more than 37,000 legitimate,
     signed certificates for names that are commonly used to identify
     machines on local corporate networks. In some environments users will
     often just type the name of an internal resource into their browsers
     in order to access it.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein 
Google Buzz: http://j.mp/laurenbuzz 
Quora: http://www.quora.com/Lauren-Weinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com

Prev by Date: [ NNSquad ] Google, Facebook, others fighting draconian French data retention law
Next by Date: [ NNSquad ] New U.S. wireless network a hazard for GPS
Previous by thread: [ NNSquad ] Google, Facebook, others fighting draconian French data retention law
Next by thread: [ NNSquad ] New U.S. wireless network a hazard for GPS
Index(es):
- Date
- Thread