Wednesday, August 22, 2018

"How a 2011 Hack You’ve Never Heard of Changed the Internet’s Infrastructure"



"every time you try to visit a webpage, your browser checks to make sure that the site you’re loading is really the one you’re trying to access, not a malicious page some wily attacker is trying to redirect you to. Similarly, when you download a new piece of software, your operating system will often check to make sure it’s coming from a trustworthy vendor.

But browser and operating system companies don’t want to be responsible for screening every single website and software developer in the world. Instead, they rely on third parties to vouch for those sites and developers. The third parties do this by issuing what are called certificates...

Any of those trusted CAs, whether they are root CAs or intermediate CAs that have been endorsed, can then issue certificates for any website they choose—even websites that have chosen to buy certificates from different CAs. This complex and often opaque hierarchy of relationships is one reason why things can go so wrong... 

The only clue left by the intruder—a message left behind on a DigiNotar server—offers little insight into the perpetrator’s mission or identity other than a profound sense of self-importance. “I know you are shocked of my skills, how I got access to your network,” the message begins. “THERE IS NO [sic] ANY HARDWARE OR SOFTWARE IN THIS WORLD EXISTS WHICH COULD STOP MY HEAVY ATTACKS MY BRAIN OR MY SKILLS OR MY WILL OR MY EXPERTISE.”

The discovery of the DigiNotar compromise left the browser and CA community—to say nothing of the Dutch government—reeling."



FB: ohhhh this is what those are "If you’re a normal internet user, you probably only encounter certificates when you get a warning from your browser about trying to visit a website whose certificate was issued by an untrusted CA. But of course, that’s often not a clear—or alarming—enough message to stop users from trusting those sites."
