http://arstechnica.com/security/2013/09/spooks-break-most-internet-crypto-but-how/
Spooks break most Internet crypto, but how?

> First, such certificates would be useful only if the NSA was able to
> impersonate the website in what's known as an active man-in-the-middle
> attack, which can make the attack less scalable and harder to pull off. That
> forecloses the possibility of a passive eavesdropping, in which the NSA
> simply monitors and decrypts traffic passing between a website and a target.
> More importantly, the technique is easily detected through what's known as
> certificate pinning that's built into Google's Chrome browser, dedicated
> Twitter apps, and some security software.

More about pinning:
https://www.imperialviolet.org/2011/05/04/pinning.html

You can do certificate pinning in Firefox with the extension: Certificate Patrol.

--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:[email protected] aim://kimholburn
skype://kholburn - PGP Public Key on request

_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
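Added example, not part of the original post or of the linked article: a pin check that compares the SHA-256 hash of a certificate's SubjectPublicKeyInfo against a stored pin set, showing why a mis-issued certificate for the same name fails the check while a renewal that keeps the key passes. Pinning the public-key hash is assumed here as one common form of pinning; the certificates are constructed, unsigned DER skeletons, and `fake_cert`, `spki_pin` and `pin_ok` are names chosen for this example.

```python
import base64, hashlib

def der(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the TLV at pos."""
    tag, n, start = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:  # long form: low 7 bits give the number of length bytes
        start += n & 0x7F
        n = int.from_bytes(buf[pos + 2:start], "big")
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + n

def spki_pin(cert):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)            # Certificate
    _, pos, tbs_end = read_tlv(cert, pos)    # tbsCertificate
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert, pos)
        fields.append((tag, pos, end))       # whole TLV, header included
        pos = end
    if fields[0][0] == 0xA0:                 # optional [0] version
        fields.pop(0)
    _, start, end = fields[5]  # after serial, sigAlg, issuer, validity, subject
    return base64.b64encode(hashlib.sha256(cert[start:end]).digest()).decode()

def fake_cert(serial, key):
    """Constructed, unsigned certificate skeleton (sample data only)."""
    name = der(0x30, der(0x0C, b"www.example.com"))   # simplified Name
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + der(0x30, b"") + name + der(0x30, b"") + name + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

def pin_ok(cert, pins):
    # True when the presented certificate's key hash is in the pin set.
    return spki_pin(cert) in pins

ORIGINAL = fake_cert(1, b"\x11" * 32)   # the site's certificate
RENEWED = fake_cert(2, b"\x11" * 32)    # new certificate, same key
ROGUE = fake_cert(3, b"\x22" * 32)      # same name, different key
PINS = {spki_pin(ORIGINAL)}
```

`pin_ok(RENEWED, PINS)` is true and `pin_ok(ROGUE, PINS)` is false, even though all three certificates carry the same name.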
