In CA’s we trust

Everyday we collectively log into the websites of the world. We inherently put our trust in hundreds of certificate authority companies that seek out to make sure you have a trusted connection to the web servers. Guess what, three of those companies were hacked. Counterfeit digital certificates were issued out to for pages including the likes of Google, Microsoft, WordPress (yup), Twitter, Facebook, Equifax, the CIA, and many others. Shockingly, no financial institutions were hit. The hackers were presumably after personal data rather than immediate financial gain. Although I’m sure it comes down to greenbacks in the end. In reality, the internet isn’t a secure place at all. It is a trust based system built into flawed human trustworthiness.

The pressure is now on the CA’s to make themselves more hack proof and browsers to recognize these certificates better. Could you imagine signing into your gmail and your browser giving you the little green icon and big bold letters reading “Trusted Site”, when in reality you’re giving away your information to a phishing site? It’s as simple as forging a certificate.

http://www.usatoday.com/tech/news/story/2011-09-27/webpage-hackers/50575024/1

Advertisements