[Owasp-france] Letter to EU Commission on French CA abuse

Ryan Dewhurst ryandewhurst at gmail.com
Tue Dec 10 13:00:44 UTC 2013


As this is related to France and web security I thought some of you may
find it interesting.

As many of you may have already read, the French Finance Ministry
(Ministère de l'Economie et des Finances?) was found to be Man In The
Middle'ing its employees with a rogue SSL certificate.

The rogue certificate was produced by the French ANSSI Certificate
Authority (CA). The certificate in question has since been revoked by
browsers (Chrome at least, probably most others). ANSSI claim the
certificate was produced in 'human error' -

According to Google, the rogue SSL certificate was used 'with the knowledge
of the users on that network'. -

The Hackers Choice (THC) have written an open letter to the EU Commission.
This letter contains further information about the incident.

