Can a malicious hacker share Linux distributions which trust bad root certificates?
- by iamrohitbanga
Suppose a hacker launches a new Linux distro with Firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because Firefox is a free browser, anyone can package it with fake root certificates.
Thus a fake root certificate would contain a certification authority that is not actually certified.
Can this be used to authenticate some websites? How?
Many existing Linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks.
Is the above possible?
Has such an attack taken place before?
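One way to check an installed system for the situation the question describes, added here as an example and not part of the original post: compare the root certificates a distribution ships against a reference bundle obtained from a source you already trust. It assumes both trust stores have been exported as PEM bundles; the function names and the sample bundles are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches each certificate block in a PEM bundle (a file of concatenated roots).
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_bundle):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    found = set()
    for body in PEM_BLOCK.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))  # drop line wrapping
        found.add(hashlib.sha256(der).hexdigest())
    return found

def audit(shipped_pem, reference_pem):
    """Diff the shipped trust store against the trusted reference bundle."""
    shipped = fingerprints(shipped_pem)
    reference = fingerprints(reference_pem)
    return {
        # Roots the distro trusts that the reference does not: investigate.
        "unexpected": sorted(shipped - reference),
        # Roots the reference has that the distro dropped.
        "missing": sorted(reference - shipped),
    }

def fake_pem(label):
    """Constructed sample: placeholder bytes in PEM armor, not real X.509."""
    body = base64.b64encode(label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample bundles: the shipped store carries one extra root.
REFERENCE = fake_pem(b"constructed-root-A") + fake_pem(b"constructed-root-B")
SHIPPED = REFERENCE + fake_pem(b"constructed-extra-root")

if __name__ == "__main__":
    report = audit(SHIPPED, REFERENCE)
    for fp in report["unexpected"]:
        print("unexpected root:", fp)
    for fp in report["missing"]:
        print("missing root:", fp)
```

The comparison is only as trustworthy as the reference bundle and the machine it runs on, so fetch the reference over a channel independent of the distribution being checked.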