Ministry of Privacy

EFF deep links has a story about ways governments could forge SSL certificates to defeat SSL session privacy. Certainly this is now being done by NSA:

“Cryptography is typically bypassed, not
| Adi Shamir

FLAW? Researchers released a draft paper about an inherent
browser security flaw with evidence that governments
may be able to surreptitiously spy on users’ “secure”
communications. Most modern browsers rely on certificate
authorities (CAs) to vouch for whether a secure site
is what it claims to be. But there’s evidence that
governments are being sold tools that they can use as
part of a scheme to have CAs issue certificates for
surveillance operations, enabling the undetectable
spoofing of ceratin websites or services.

For details about the security research:

The paper itself:

Ministry of Privacy

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s