| Home : February 13 2014 Computer News : Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites |
|
Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites |
February 13, 2014
Dozens of self-signed SSL certificates created to impersonate banking, e-commerce and social networking websites have been found on the Web. The certificates don’t pose a big threat to browser users, but could be used to launch man-in-the-middle attacks against users of many mobile apps, according to researchers from Internet services firm Netcraft who found the certificates.“The fake certificates bear common names (CNs) which match the hostnames of their targets (e.g. www.facebook.com),” the Netcraft researchers said Wednesday in a blog post. “As the certificates are not signed by trusted certificate authorities, none will be regarded as valid by mainstream web browser software; however, an increasing amount of online banking traffic now originates from apps and other non-browser software which may fail to adequately check the validity of SSL certificates.”To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2097781/dozens-of-rogue-selfsigned-ssl-certificates-used-to-impersonate-highprofile-sites.html#tk.rss_all
|
|
|
|
|
