[cryptography] another cert failure

Ryan Hurst ryan.hurst at globalsign.com
Fri Jan 4 23:49:44 EST 2013


FYI the article was changed post Dans mail and no longer contains the unsubstantiated references to malicious use quoted in the bellow.

Ryan 

Sent from my phone, please forgive the brevity.

On Jan 4, 2013, at 8:30 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Fri, Jan 4, 2013 at 6:40 PM,  <dan at geer.org> wrote:
>> 
>> you may have already seen this, but
>> 
>> http://www.bbc.co.uk/news/technology-20908546
>> 
>> Cyber thieves pose as Google+ social network
>> 
>> The lapse let cyber thieves trick people into thinking they were
>> on Google+ Continue reading the main story Related Stories
>> Cyber-warriors join treasure hunt Insecure websites set to be named
>> Warning over web security attack Web browser makers have rushed to
>> fix a security lapse that cyber thieves abused to impersonate Google+
>> 
>> The loophole exploited ID credentials that browsers use to ensure
>> a website is who it claims to be.
>> 
>> By using the fake credentials, criminals created a website that
>> purported to be part of the Google+ social media network.
>> 
>> The fake ID credentials have been traced back to Turkish security
>> firm TurkTrust which mistakenly issued them.
> Thank you Dr. Geer. This is fuel for my fires :)
> 
> Jeff
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2098 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130104/dc98b317/attachment.p7s>


More information about the cryptography mailing list