[cryptography] another cert failure

dan at geer.org dan at geer.org
Fri Jan 4 18:40:05 EST 2013


you may have already seen this, but

http://www.bbc.co.uk/news/technology-20908546

Cyber thieves pose as Google+ social network

The lapse let cyber thieves trick people into thinking they were
on Google+

Web browser makers have rushed to fix a security lapse that cyber
thieves abused to impersonate Google+

The loophole exploited ID credentials that browsers use to ensure
a website is who it claims to be.

By using the fake credentials, criminals created a website that
purported to be part of the Google+ social media network.

The fake ID credentials have been traced back to Turkish security
firm TurkTrust which mistakenly issued them.

...




