PDA

View Full Version : Website SSL certificates spoofed by games consoles


edesignuk
Dec 30, 2008, 08:36 AM
Researchers have uncovered a weakness in the internet's digital certificate system that allows them to forge counterfeit credentials needed to impersonate virtually any website that relies on the widely used security measure.

Armed with more than 200 PlayStation 3 game consoles, the researchers are able to create a secure sockets layer certificate for any website of their choosing. The forged certificate causes all the major browsers to display a message indicating the website the user is visiting is legitimate because it's been vetted by a trusted certificate authority using supposedly robust cryptographic measures.The Register (http://www.theregister.co.uk/2008/12/30/ssl_spoofing/).

That's really quite bad news :eek: