[Owasp-leaders] Cert Stealer Released
Gregory Disney
gregory.disney at owasp.org
Thu Dec 26 20:36:41 UTC 2013
The problem is the browser should by default check the legitimacy of the
signer; if it is loaded into the CA-certs bundle in Mozilla, the majority
besides Akamai will show no difference. Well, this trick isn't for
governments anymore, it's for everybody. :)
On 12/26/13, 12:26 PM, Abbas Naderi wrote:
> Well this is changing the signer, e.g. Google is signed by a Level one and you’re using a Level 3.
> This is an old trick though, many countries already used this to sniff on their people. The simplest way to stop it is to store fingerprints and check them later.