Read the rest of the article here: http://www.therealstrategy.com/rogue-ss ... m-attacks/
If you think the “HTTPS” in your address bar means you’re safe, you’re wrong.
The most secure sites are still subject to possible “man in the middle” (MiTM) attacks. For a few years now, there have been several vulnerabilities found in the HTTPS protocol. HTTPS status is granted by an SSL (Secure Socket Layer) certificate and thought to be the most secure connection online. This is the certificate granted to any company that pays, and that certificate is supposed to guarantee a secure encryption protocol to the users of the website. Ironically, this can be reproduced by an attacker who intercepts the communications between the end users and provides a falsified certificate.
Most recently, “Symantec” was caught in a rogue certificate scandal with “Google”. The bottom line is that if a person can replicate or reproduce a certificate that looks genuine, your supposed privacy is out the window.
Symantec issued “Google” certificates to someone other than “Google”
This happened in mid-September 2015, and Google engineers happened to stumble upon the fake certificates during their regular security checks. Symantec has since fired the employees involved in the scandal. This goes to show the public that no matter how large the company, even “Google” can be vulnerable due to mistakes made at other large corporations like “Symantec”. Who would have thought?
The NSA purposely produces fake SSL certificates
Privacy advocates have succeeded in convincing Google, Facebook, Apple and other companies to turn on SSL for all of their users on all of their pages (not just the homepage), but the new disclosures suggest that the effort could be futile against the NSA.
This is not directly exposed in any NSA document, but there are companies out there selling SSL proxy programs that do just that. These can be set up by the companies you are communicating with (i.e. Google, Facebook, etc.) or even your employer. Data does suggest that even without the companies’ consent, the NSA or any attacker could still get in the middle of the communication and intercept the encrypted data.
The NSA compelled many companies to do this through secret court orders.
The NSA was exposed by Edward Snowden in recent years for much of what is called “mass surveillance”. Part of this dump of sensitive NSA data and program practices was the “BULLRUN PROJECT”.
.
.
.
Rogue SSL allows MiTM Attacks
