[SSL Observatory] New bad Google MITM cert
Seth Schoen
schoen at eff.org
Sat Dec 7 14:05:56 PST 2013
http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html
They caught it with pinning. I wonder if we have a sample; it sounds
like it was an extremely small-scale attack (a single organization got
an intermediate chaining to a publicly-trusted root in order to spy on
employees with its firewall?). If that was the entire scope of it,
it's relatively unlikely that anyone in that organization is sending
observations to us, maybe depending on how large the organization is
and whether they prevent desktop users from installing third-party
software.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the Observatory
mailing list