NNSquad - Network Neutrality Squad
[ NNSquad ] Fraudulent "Google" crypto cert found in the wild
Fraudulent "Google" crypto cert found in the wild
http://j.mp/VA2FMC (Wired)
"The unauthorized Google.com certificate was generated under the
*.EGO.GOV.TR certificate authority and was being used to
man-in-the-middle traffic on the *.EGO.GOV.TR network. Google's
spokesman said the unauthorized Google certificate was created
sometime in early December, fourteen months after Turktrust issued the
CA certificate to *.EGO.GOV.TR. The *.google.com certificate, a
so-called wild-card certificate, would have allowed whoever was using
it to intercept and read any communication that passed from users on
the *.EGO.GOV.TR network to any google.com domain, including encrypted
Gmail traffic."
- - -
I continue to assert that the global PKI is increasingly not
trustworthy, and that alternatives to the conventional certificate
issuing model are deserving of serious consideration.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad