


Re: Fraudsters Can Easily Buy SSL Certificates, Researcher Finds
Posted by: Scott M. Fulton, III 2010-04-04 14:29:36

Two university researchers discovered at a recent security conference that security companies often deal with governments that can compel certificate authorities to produce SSL security keys for them. Those keys can then be used to sign certificates as any other Web site, enabling a law enforcement authority -- hypothetically speaking, of course -- to spoof virtually any other site. However, you don't need to be a government to compel a certificate authority to issue an SSL certificate for a major Web mail service of your choice. You just need a valid credit card.


The irony...
Posted by: Kagehi 2010-04-04 14:35:59 In reply to: Scott M. Fulton, III
being how many legit sites I have run across with either out of date, or invalid certificates (the latter usually due to some stupid thing, like hosting major files/documents on a site without a certificate, then trying to use their main site's certificate to authenticate it).

Just goes to show how, basically, useless buying "proof of validity" is, instead of having... I don't know.. but something that is harder to screw up.

After all, while some idiots are likely to use their own credit card to create a fake cert, the brighter ones are going to do it by using the credit card numbers they are scamming off the people they need a fake certification to scam in the first place. It's like having an issuing agency provide a serial burglar a "right to own lockpicks", based on fake SSN numbers, and never noticing (possibly the worker is blind, kind of like the sites are?) that the guy who keeps coming in for them is claiming a different name every time. Obviously, a credit card isn't sufficient evidence for who the person is. Duh!!