public key infrastructure - distribute bad root certificates

Posted by iamrohitbanga on Super User See other posts from Super User or by iamrohitbanga
Published on 2010-04-28T08:28:34Z Indexed on 2010/04/28 8:33 UTC
Read the original article Hit count: 400

Filed under:
|

Suppose a hacker launches a new Linux distro with firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because firefox is a free browser anyone can package it with fake root certificates. Can this be used to authenticate some websites. How?

Many existing linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks. Is the above possible?

Has such an attack taken place before?

© Super User or respective owner

Related posts about security

Related posts about networking