http://www.metafilter.com/tags/CertificateAuthority Posts tagged with 'CertificateAuthority' at MetaFilter. Wed, 29 Feb 2012 19:32:04 -0800 Wed, 29 Feb 2012 19:32:04 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://www.metafilter.com/113384/Decentralized%2DSSL%2DObservatory EFF's <a href="https://www.eff.org/https-everywhere/">HTTPS Everywhere v2</a> adds support for Chrome and adds <a href="https://www.eff.org/deeplinks/2012/02/https-everywhere-decentralized-ssl-observatory">Decentralized SSL Observatory</a> to the FireFox version, SSL Observatory helps <a href="https://www.eff.org/observatory">cryptographic researchers</a> find <a href="https://www.eff.org/rng-bug">implementation problems</a> and now warns users when known problems are detected. And it <a href="https://trac.torproject.org/projects/tor/wiki/doc/HTTPSEverywhere/SSLObservatorySubmission">plays nicely with Tor</a> of course. There is another interesting EFF project in the works called <a href="https://www.eff.org/sovereign-keys">Sovereign Keys</a> that seeks to <a href="https://www.eff.org/deeplinks/2011/11/sovereign-keys-proposal-make-https-and-email-more-secure">replace the certificate authority system entirely</a>, which has <a href="https://www.eff.org/deeplinks/2011/10/how-secure-https-today">proven leaky</a>. It appears the EFF aren't the only ones <a href="http://www.networkworld.com/news/2011/101211-ssl-moxie-marlinspike-251882.html">looking to replace the certificate authorities</a>. tag:metafilter.com,2012:site.113384 Wed, 29 Feb 2012 19:32:04 -0800 CertificateAuthority EFF HTTPS HTTPSEverywhere SSL SSLObservatory jeffburdges http://www.metafilter.com/101866/Comodo%2DRegistration%2DAuthority%2Dcompromised <a href="http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html">The circumstantial evidence suggests that the attack originated in Iran.</a> Every time you see a little lock icon in your browser and are using HTTPS connections, odds are you're using a site whose certificate was signed by an Certificate Authority like <a href="http://www.verisign.com/ssl/index.html">VeriSign</a>, <a href="http://www.comodo.com/">Comodo</a>, or <a href="http://www.thawte.com/">Thawte</a>. This week, SSL certificate provider Comodo announced that one of its accounts had been compromised. The attacker <a href="http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/">used the account to generate 9 bogus certificates to use for 7 well-known domains</a>. While the breach was discovered and the certificates were revoked, it does <a href="http://www.crn.com/news/security/229400284/comodo-attack-sparks-ssl-certificate-security-discussions.htm">raise questions</a> about the chain of trust for all SSL certificates. The sites that the attacker created false IDs for were main internet hubs like Google, Yahoo, Skype, and Live. As Comodo posted in their blog: <em>It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups. The attack comes at a time when many countries in North Africa and the Gulf region are facing popular protests and many commentators have identified the Internet and in particular social networking sites as a major organizing tool for the protests.</em> tag:metafilter.com,2011:site.101866 Thu, 24 Mar 2011 20:05:13 -0800 certificateauthority chainoftrust comodo computersecurity cyberwarfare iran ssl fifteen schnitzengruben is my limit http://www.metafilter.com/77826/Stir%2Din%2Dpoisoned%2DDNS%2Dand%2Dadd%2Da%2Ddash%2Dof%2Dtransparent%2Dproxying The <a href="http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html">embargo</a> has been lifted on the <a title="Hoary Hash Function" href="http://blog.wired.com/27bstroke6/2008/12/berlin.html">newest </a>research on growing internet infrastructure <a title="The researchers were worried about repercussions by the CAs that might want to gag them." href="http://www.veracode.com/blog/2008/12/major-break-in-md5-signed-x509-certificates/">insecurity</a>. Using <a href="http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/">an army of Playstations</a>, <a href="http://ioerror.livejournal.com/">researchers </a>have managed to forge a <a href="http://www.rapidssl.com/index_ssl.htm">RapidSSL </a>(owned by Verisign) <strong>CA </strong><a title="How to create a CA cert" href="http://sandbox.rulemaker.net/ngps/m2/howto.ca.html">certificate </a>in a couple hours due to <a title="Hash Clash" href="http://www.win.tue.nl/hashclash/">known flaws</a> in <a href="http://www.ietf.org/rfc/rfc1321.txt">MD5</a>. tag:metafilter.com,2008:site.77826 Tue, 30 Dec 2008 08:44:20 -0800 CA certificateauthority hashclash insecurity md5 playstation rapidssl security verisign These Premises Are Alarmed