Can a malicious hacker share Linux distributions which trust bad root certificates?

Posted by iamrohitbanga on Super User
Published on 2010-04-28T08:28:34Z Indexed on 2010/05/01 19:18 UTC

Suppose a hacker launches a new Linux distro with Firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because Firefox is a free browser, anyone can package it with fake root certificates. Thus a fake root certificate would contain a certification authority that is not actually certified. Can this be used to authenticate some websites? How?

Many existing Linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks. Is the above possible? Has such an attack taken place before?

© Super User or respective owner
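
As an added example (not part of the original post): one way to check for the tampering the question describes is to diff the certificates in an installed trust bundle against a reference bundle obtained from an independent source. The function names and sample bundles are constructed for illustration; the sample PEM payloads are placeholder bytes, not real X.509 certificates.

```python
import base64
import hashlib
import re

# Matches each PEM certificate block in a concatenated CA bundle.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def fingerprints(bundle_text):
    """Return {sha256 hex fingerprint: DER bytes} for every block in a bundle."""
    found = {}
    for match in PEM_BLOCK.finditer(bundle_text):
        # Strip line wrapping, then decode strictly so corrupt blocks raise.
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        found[hashlib.sha256(der).hexdigest()] = der
    return found


def audit(installed_text, reference_text):
    """Compare an installed bundle with a reference bundle by fingerprint."""
    installed = set(fingerprints(installed_text))
    reference = set(fingerprints(reference_text))
    return {
        # Trusted on this system but absent from the reference: investigate.
        "unexpected": sorted(installed - reference),
        # In the reference but not installed: removed or outdated bundle.
        "missing": sorted(reference - installed),
    }


def constructed_pem(payload):
    """Wrap placeholder bytes in PEM armor (constructed sample, not real X.509)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample data: the installed bundle carries one extra root.
REFERENCE = constructed_pem(b"constructed-root-A") + constructed_pem(b"constructed-root-B")
INSTALLED = REFERENCE + constructed_pem(b"constructed-extra-root")

if __name__ == "__main__":
    for kind, prints in audit(INSTALLED, REFERENCE).items():
        for fp in prints:
            print(f"{kind}: sha256={fp}")
```

The comparison is only as trustworthy as the reference bundle and the machine running the check, so both should come from outside the distribution being audited.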
