I know little about computers except that I hate them. This article, I will admit is confusing to me as a Luddite, but it shows how the internet is used by our enemies against their own people.
From the BBC September 5
Fake DigiNotar web certificate risk to Iranians
Fresh evidence has emerged that stolen web security certificates may have been used to spy on people in Iran.
Analysis by Trend Micro suggests a spike in the number of compromised DigiNotar certificates being issued to the Islamic Republic.
It is believed the digital IDs were being used to trick computers into thinking they were directly accessing sites such as Google.
In reality, someone else may have been monitoring the communications.
Hundreds of bogus certificates are thought to have been generated following a hack on Netherlands-based DigiNotar.
The company is owned by US firm Vasco Data Security.
Web passport
Authentication certificates are used by many websites to give their users secure access.
Typically these take the form of a TLS or SSL connection - which can be identified by the appearance of a padlock logo and "https" prefix.
Together, they are supposed to guarantee that the site is what it appears to be, and that the user's session is not being monitored.
Hundreds of bodies - known as certificate authorities (CAs) - are allowed to provide such authentication.
Web browsers, such as Safari, Chrome, Firefox and Internet Explorer have a built-in list of which CAs they can trust.
However, if a third-party was able to steal certificate details or generate their own, they may be able to launch a "man-in-the-middle" attack, similar to tapping a phone line.
The presence of an apparently genuine certificate means browser security would be unlikely to detect the surveillance.
Read it all
From the BBC September 5
Fake DigiNotar web certificate risk to Iranians
Fresh evidence has emerged that stolen web security certificates may have been used to spy on people in Iran.
Analysis by Trend Micro suggests a spike in the number of compromised DigiNotar certificates being issued to the Islamic Republic.
It is believed the digital IDs were being used to trick computers into thinking they were directly accessing sites such as Google.
In reality, someone else may have been monitoring the communications.
Hundreds of bogus certificates are thought to have been generated following a hack on Netherlands-based DigiNotar.
The company is owned by US firm Vasco Data Security.
Web passport
Authentication certificates are used by many websites to give their users secure access.
Typically these take the form of a TLS or SSL connection - which can be identified by the appearance of a padlock logo and "https" prefix.
Together, they are supposed to guarantee that the site is what it appears to be, and that the user's session is not being monitored.
Hundreds of bodies - known as certificate authorities (CAs) - are allowed to provide such authentication.
Web browsers, such as Safari, Chrome, Firefox and Internet Explorer have a built-in list of which CAs they can trust.
However, if a third-party was able to steal certificate details or generate their own, they may be able to launch a "man-in-the-middle" attack, similar to tapping a phone line.
The presence of an apparently genuine certificate means browser security would be unlikely to detect the surveillance.
Read it all
No comments:
Post a Comment