Friday, March 25, 2011

TOR and EFF report major breach with HTTPS CAs, possibly linked to Iran

The Electronic Frontier Foundation has a story this morning about how an HTTPS/TLS certificate authority (CA) was recently duped into issuing phony certificates, apparently by hackers in Iran (probably connected to its government). EFF warns that this threatened an “internet-wide security meltdown”, in a March 23 story by Peter Eckersley here.

The TOR Project also has a blog entry about this here.

EFF goes on to discuss DNSSEC-PKI (link), and refers to questions about the underlying security of the domain name system, which erupted in a major security crisis in the middle of 2008.

It’s still very much an open subject. 

HTTPS is absolutely essential when surfing and entering any passwords or personal information in a wireless environment.

Curiously, this morning, on my Windows 7 Pro machine, I had trouble getting to EFF from Google Chrome, but it worked in Mozilla, and on a nearby XP machine in Chrome. There could be a subtle issue with HTTPS, Windows 7 and Chrome together in some circumstances.

