Can a malicious hacker share Linux distributions which trust bad root certificates?
Posted
by iamrohitbanga
on Super User
See other posts from Super User
or by iamrohitbanga
Published on 2010-04-28T08:28:34Z
Indexed on
2010/05/01
19:18 UTC
Read the original article
Hit count: 350
security
|networking
Suppose a hacker launches a new Linux distro with firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because firefox is a free browser anyone can package it with fake root certificates. Thus a fake root certificate would contain a the certification authority that is not actually certified. Can this be used to authenticate some websites. How?
Many existing linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks. Is the above possible? Has such an attack taken place before?
© Super User or respective owner