by Mike Masnick
Thu, Mar 24th 2011 2:46pm
A few months back, we talked about how the Tunisian government tried to do a massive hack on Facebook to access the communications of protesters and activists. It looks like the Iranian government tried to do something similar, figuring out a way to get bogus SSL certificates for Google, Yahoo, Skype and others, which would have allowed the government to set up a man-in-the-middle type attack to get passwords and access otherwise "encrypted" content. While this was discovered, it does suggest the levels that some governments will go to in order to spy on users online. More importantly, it highlights some of the serious problems with the certificate authority model of trust and security online. So here's the big question: how do we prevent these types of things from happening?
If you liked this post, you may also be interested in...
- Senator John McCain Weighs In On 'Going Dark' Debate -- Insists That He Understands Cryptography Better Than Cryptographers
- Nest Thermostat Goes From 'Internet Of Things' Darling To Cautionary Tale
- Ding-Dong -- Your Easily Hacked 'Smart' Doorbell Just Gave Up Your WiFi Credentials
- Copyright Blocking Security Research: Researchers Barred From Exploring Leaked Archive
- Latest Email Dump Shows Hillary Clinton Telling Aide To Send Classified Documents Over Unsecure Fax Line