PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Fake *.google.com SSL certificate in the wild

Note: This article was originally published at Planet PHP on 30 August 2011.
Planet PHP

Interesting news passed by today, apparently a fraudelent SSL was issued by Diginotar, effectively allowing wrong-doers to perform MITM attacks for all google services. Normally fake certificates will clearly error up in the browser, but because Diginotar is a trusted CA (certificate authority) it won't.

This says something about how much we can trust SSL. All it takes is one corrupt employee at a trusted CA and it falls down. CNET has pretty good coverage of the story.