Web Cert Problem


Pic0o

Since it's still within Holiday Season, it's especially important to keep an eye on where you log in, even if it's an HTTPS Site.

 

Cnet has the Details; I'll lay down an overview.

 

Basically, a crew of folks are able to re-write SSL Certificates to make all look OK, while relaying you to a Non-Intended site. Basically, this info is not out in the wild yet, but typically it only takes knowing an exploit exists before someone else is Authoring the Exploit.

 

Their work has focused on finding vulnerabilities in a technology known as Secure Sockets Layer, or SSL, which was designed to provide Internet users with two guarantees: first, that the Web site they're connecting to isn't being spoofed, and second, that the connection is encrypted and is proof against eavesdropping. SSL is used whenever a user navigates to an address beginning with "https://". SSL certificates essentially stand for the claim that, for instance, etrade.com actually belongs to E-Trade Inc., and is not being operated by a thief hoping to steal account passwords.

 

Most browsers indicate that SSL is active by displaying a small padlock icon. An attack using a forged authentication certificate--which is what the researchers say they have done--is insidious because the browser can't detect it and the padlock icon would still appear.

 

So, in short, be cautious on your logins. :o
