Saturday, August 14, 2010

Proliferation of encryption certification authorities seen as a new security hazard

Miguel Helft has an important story in the New York Times Aug. 13, “A Warning in the Weak Link in the Security of Web Sites” Browser vendors like Microsoft, Firefox and Google Chrome have the authority to appoint security certificate authorities, which have proliferated. The link for the story is here.

These companies certify that a site’s encryption is authentic, and display a closed lock icon somewhere around the browser’s tool bar.

In at least one case, a certificate authority was found to have installed spyware on some Blackberry handsets.

The story seems important also because Firefox has been promoting “universal encryption” of all web traffic.

(See International Issues blog posting today, also, for more on the problem in UAE.)

No comments: