[Owasp-leaders] Cert Stealer Released

Gregory Disney gregory.disney at owasp.org
Thu Dec 26 20:36:41 UTC 2013


The problem is the browser should by default check the legitimacy of the signer; 
if it is loaded into the CA-certs bundle in Mozilla, the majority besides 
Akamai will show no difference. Well, this trick isn't for governments 
anymore, it's for everybody.  :)

On 12/26/13, 12:26 PM, Abbas Naderi wrote:
> Well, this is changing the signer, e.g. Google is signed by a Level one and you’re using a Level 3.
> This is an old trick though, many countries already used this to sniff on their people. The simplest way to stop it is to store fingerprints and check them later.
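
An added example, not part of the original thread: a minimal Python version of the "store fingerprints and check them later" idea from the quoted reply. `PinStore`, the JSON pin file and the host name are assumptions made for illustration, and the two byte strings are constructed stand-ins for DER certificates so the block runs offline.

```python
import hashlib, hmac, json, os, socket, ssl, tempfile
from pathlib import Path

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der).hexdigest()

def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate a live server presents (needs network)."""
    ctx = ssl.create_default_context()  # normal CA validation still applies
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

class PinStore:
    """Hypothetical trust-on-first-use store: host -> fingerprint, kept as JSON."""
    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host: str, der: bytes) -> str:
        """Return 'first-seen', 'match' or 'MISMATCH' for this host's certificate."""
        seen = fingerprint(der)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "first-seen"
        # Reported even when the new certificate chains to a CA in the trust
        # bundle; the stored pin is never overwritten automatically.
        return "match" if hmac.compare_digest(known, seen) else "MISMATCH"

# Constructed stand-ins for DER bytes: same subject, different signer.
ORIGINAL_CERT = b"constructed-der: CN=example.test, issuer=Original CA"
SUBSTITUTE_CERT = b"constructed-der: CN=example.test, issuer=Other Trusted CA"

def demo(path):
    store = PinStore(path)
    return [store.check("example.test", ORIGINAL_CERT),
            store.check("example.test", ORIGINAL_CERT),
            store.check("example.test", SUBSTITUTE_CERT)]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(demo(os.path.join(d, "pins.json")))
```

A legitimate certificate renewal also produces `MISMATCH`, so a mismatch needs an out-of-band check before the stored pin is replaced.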
