Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Significant portion of HTTPS Web connections made by forged certificates


  • Please log in to reply
1 reply to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,929 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:05:00 PM

Posted 11 May 2014 - 07:32 PM

 

Computer scientists have uncovered direct evidence that a small but significant percentage of encrypted Web connections are established using forged digital certificates that aren't authorized by the legitimate site owner.

http://arstechnica.com/security/2014/05/significant-portion-of-https-web-connections-made-by-forged-certificates/


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


BC AdBot (Login to Remove)

 


#2 philfil

philfil

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:00 AM

Posted 12 May 2014 - 03:43 PM

I have noticed that the small number of https: websites which are blocked by my browser appears to have gone up. The most recent is, surprisingly,  https://www.dnsleaktest.com. Firefox announces that "This Connection is Untrusted". ( I would avoid clicking on that URL unless you are confident that your browser will recognise sites whose identity can't be verified). It could be simply an error, but it's interesting that many who look at that site will be users of a Virtual Private Network, or VPN.  (Personally, I don't use VPN, but DNS leak test sites are quite good at telling you which DNS server you are actually using.)


Edited by philfil, 12 May 2014 - 03:44 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users