On Thu, 2011-09-15 at 10:40 -0400, Allen Weiner wrote: > On Thu, 2011-09-15 at 08:32 -0400, Joseph Apuzzo wrote: > > A friend of mind turned me on to https://www.google.com aka to have an > > encrypted conversation with Google. > > I've been using it, since I like as much crypt-o traffic on the net as > > possible. > > > > But why? Anyone have any intelligent toughs on the subject, I would > > like to hear your take on the service and what it's good for. > > > > -- > > There has been a lot in the tech news lately that SSL has been > compromised. Some consider SSL to be worthless. Some consider that the > entire e-commerce infrastructure is insecure. > > SSL depends on a "web of trust". This is implemented via security > certificates issued by a certificate authority. Several of these > cerificate authorities have been hacked/compromised (DigiNotar, Comodo). > The security cerificate for Google in particular has been stolen. > > I was alerted to this situation via the weekly radio show "PC Radio > Show" on station WBAI. A regular participant on that show is David Perry > of Trend Micro. > This SSL issue was discussed on the August 10 show. (Program archive > available at pcradioshow2.org). It was discussed further on more recent > shows, but I don't recall which ones. > > Disclaimer: I'm not knowledgeable in computer security. >
P.S. Here's an informative article on the topic, from "Linux Weekly News" of Septamber 8. "Certificates and Authorities" http://lwn.net/Articles/45771/ _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 5 - Distributed Authentication Systems Nov 2 - Nov 2011 Dec 7 - Chef
