Google Certificate Obtained by Hackers

Trust No One

Ouch. SSL forward proxies are becoming more commonplace for legitimate reasons. With the use of proper certs from root CAs (or from CAs trusted within your firm’s/institution’s/organization’s systems), many forms of so-called trusted communications are nullified.

Even though the hackers could execute man-in-the-middle attacks against Google/Gmail users without the end users’ knowledge, causing godknowshowmuchharm, at least… umm, at least it’s only one cert and everyone’s alerted. That’s positive, right? And it’s not like any hacker wouldn’t show his whole hand either! *cough*

So, no wonder people layer security or go with proprietary methods. I’ve been asked before why Skype’s encryption isn’t standards-based. Consider their decision in light of exploits such as a Google certificate being hijacked…

Here’s hoping that the known cert is revoked broadly and quickly so that Google/Gmail users can sigh an uncomfortable breath of relaxation… and that people learn to not trust anyone, even themselves when it matters. ;->