[cryptography] another cert failure

Jeffrey Walton noloader at gmail.com
Fri Jan 4 23:30:44 EST 2013


On Fri, Jan 4, 2013 at 6:40 PM,  <dan at geer.org> wrote:
>
> you may have already seen this, but
>
> http://www.bbc.co.uk/news/technology-20908546
>
> Cyber thieves pose as Google+ social network
>
> The lapse let cyber thieves trick people into thinking they were
> on Google+ Continue reading the main story Related Stories
> Cyber-warriors join treasure hunt Insecure websites set to be named
> Warning over web security attack Web browser makers have rushed to
> fix a security lapse that cyber thieves abused to impersonate Google+
>
> The loophole exploited ID credentials that browsers use to ensure
> a website is who it claims to be.
>
> By using the fake credentials, criminals created a website that
> purported to be part of the Google+ social media network.
>
> The fake ID credentials have been traced back to Turkish security
> firm TurkTrust which mistakenly issued them.
Thank you Dr. Geer. This is fuel for my fires :)

Jeff



More information about the cryptography mailing list