Fraudulent *.google.com certificate issued
Posted Aug 30, 2011 19:12 UTC (Tue) by dkg
In reply to: Fraudulent *.google.com certificate issued
Parent article: Fraudulent *.google.com certificate issued
intercepting, re-encrypting, and forwarding a large fraction of Google's HTTPS traffic would be a bit of a trick too.
Unless, of course, the adversary is doing a more targeted attack against a specific network they happen to be upstream of.
In that case, they can ignore all the rest of the traffic, and focus their resources on compromising traffic coming out of a network segment they are interested in.
But my larger concern here isn't about Google being compromised. That's bad, but (as the current situation shows) Google actually has the resources and infrastructure to potentially catch when something is going wrong. What about smaller sites? Google vs. a medium-sized government is like King Kong vs. Godzilla. It's not clear who would win. But what if one of these titans turns their focus on small fry? Our current infrastructure suggests a sorry future for the hope of a free and autonomous global network.
to post comments)