April 14, 2011 01:47 pm PDT
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/EckLaa5tFXE/trusting-unknown-par.html
Trusting unknown parties for security? Welcome to the web
At The Economist, Glenn Fleishman writes about a fundamental flaw in the industry standard security system for websites, SSL, familiar to all of us as the little lock icon that appears for 'secure' websites. Recently, a cracker was able to issue himself security certificates for domains at Skype and elsewhere, making clear the problem of assigning trust to certificate authorities just because.

The secure web infrastructure was designed in part to defend against this. The browser may be tricked into connecting to a server designed to extract your identity or intercept communications, but the browser will see the wolf under the sheep's clothing. It will alert the user and hinder him from connecting to a server that lacks a certificate, issued by some CA, for the domain it claims to be representing. But if a valid certificate can be obtained, neither the user nor the browser has any idea that they have been hijacked.

A big part of the problem seems to be the willingness of browser- and OS-makers to turn a blind eye to sleazy CAs.

The web's trust issues [The Economist]