Linked by Igor Ljubuncic on Mon 2nd Apr 2012 15:41 UTC
Features, Office
You have just bought tickets to an exotic vacation spot. You board the flight, you land safely, you pull your netbook from your backpack, fire it up, and then check if there are any available wireless networks. Indeed there are, unencrypted, passwordless, waiting for you. So you connect to the most convenient hotspot and start surfing. Being addicted as you are, you want to log in to your email or social network just to check if something cardinal happened in the world during your four-hour flight. You're about to hit the sign in button. Stop. What you're about to do might not be safe.
Permalink for comment 512781
RE[3]: Firefox and Chrome
by chandler on Tue 3rd Apr 2012 13:42 UTC in reply to "RE[2]: Firefox and Chrome"

Several certificate authorities were just revealed to have been selling subordinate roots to IT organizations which would allow them to do just that. Here's the letter that Mozilla sent out to all their registered CAs about this issue:

https://groups.google.com/group/mozilla.dev.security.policy/msg/57b1...

So I'm afraid that trusting SSL to prevent MITM attacks is no longer possible. You should inspect certificates or use an addon like Certificate Patrol to help automate the process, and if you are connecting to an untrusted network, consider using your own VPN as well.

Score: 1
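Added example (not part of the comment above, and not Certificate Patrol's own code): a minimal trust-on-first-use tracker showing the kind of certificate change checking the comment recommends automating. The class name, verdict labels, 30-day renewal window, host name and certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta


class CertStore:
    """Remembers the certificate last accepted per host and rates any change."""

    def __init__(self, renewal_days=30):
        self.seen = {}  # host -> (sha256 fingerprint, issuer, not_after)
        self.renewal = timedelta(days=renewal_days)

    def accept(self, host, der, issuer, not_after):
        # Called on first sight, or by the user after reviewing a change.
        self.seen[host] = (hashlib.sha256(der).hexdigest(), issuer, not_after)

    def check(self, host, der, issuer, not_after, now):
        fp = hashlib.sha256(der).hexdigest()
        if host not in self.seen:
            self.accept(host, der, issuer, not_after)
            return "new"
        old_fp, old_issuer, old_not_after = self.seen[host]
        if fp == old_fp:
            return "unchanged"
        # A replacement is expected only when the old certificate is about to expire.
        near_expiry = old_not_after - now <= self.renewal
        if issuer == old_issuer:
            return "renewed" if near_expiry else "warn"
        # A different issuer while the old certificate is still far from expiry
        # is what interception through another CA's subordinate root looks like,
        # even though the new chain validates in the browser.
        return "warn" if near_expiry else "alert"


def demo():
    """Constructed observations for one host; returns the verdict sequence."""
    store = CertStore()
    host, t0 = "mail.example.test", datetime(2012, 4, 1)
    home = (b"constructed-cert-A", "CN=Example CA", datetime(2013, 4, 1))
    proxy = (b"constructed-cert-B", "CN=Hypothetical Sub CA", datetime(2013, 6, 1))
    renewal = (b"constructed-cert-C", "CN=Example CA", datetime(2014, 4, 1))
    return [
        store.check(host, *home, now=t0),                        # first visit
        store.check(host, *home, now=t0 + timedelta(days=1)),    # same cert
        store.check(host, *proxy, now=t0 + timedelta(days=2)),   # untrusted network
        store.check(host, *renewal, now=datetime(2013, 3, 20)),  # near old expiry
    ]


if __name__ == "__main__":
    print(demo())
```

The store is not updated on a changed certificate until `accept` is called, so a rejected certificate never becomes the new baseline.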