Friday, May 16, 2014

Secure Connection + forged = Bad for web





According to the article:-

Computer scientists have uncovered direct evidence that a small but significant percentage of encrypted Web connections are established using forged digital certificates that aren't authorized by the legitimate site owner.


At least one issuer of certificates—IopFailZeroAccessCreate—was generated by a known malware sample that was presented 112 times by users in 45 different countries.

More troubling, of course, was the discovery of forged certificates issued by malware and adware programs for purposes of ferreting log-in credentials out of, and injecting banner ads into, encrypted Web traffic. Because the certificates were installed by software that made administer-level changes to the end-user computers, they likely generated few if any error warnings when they were presented.


The link below has more information:-


No comments:

Post a Comment