by Mike Masnick
Tue, Dec 30th 2008 9:09pm
Ed Felten has the details on a rather worrisome bit of information released by some security researchers on how to forge site certificates. Generally speaking, secure certificates for sites were considered to a pretty definite sign that you were safely connected to a particular site -- and transferring any data between you and that site securely. The ability to forge such certificates throws all that into doubt, and it severely disrupts the ability to be confident in a secure transaction online. Felten describes how this is fixable (though, some certification authorities should have made changes a while ago to prevent this), but it's yet another reminder that what's secure today might not be so secure tomorrow.
If you liked this post, you may also be interested in...
- NSA Director: If I Say 'Legal Framework' Enough, Will It Convince You Security People To Shut Up About Our Plan To Backdoor Encryption?
- Lenovo CTO Claims Concerns Over Superfish Are Simply 'Theoretical'
- Lenovo Quietly Deletes That Bit About 'No Security Concerns' To Superfish... While Superfish Says 'No Consumers Vulnerable'
- Lenovo In Denial: Insists There's No Security Problem With Superfish -- Which Is Very, Very Wrong.
- President Obama: I'm A Big Believer In Strong Encryption... But...