Adobe Flash, for better or worse, is quite ubiquitous these days. Aside from my servers, I have some version of Flash support across my Windows, Linux and OSX systems. Heck, even on my lower-security servers where I have Chrome installed, I have a version of Flash through that browser.
Ouch. SSL forward proxies are becoming more commonplace, for legitimate reasons. With a proper cert from a root CA (or even from a CA trusted within your firm’s/institution’s/organization’s systems), many forms of so-called trusted communications are nullified.
Even though the hackers could execute man-in-the-middle attacks against Google/Gmail users without the end users’ knowledge, causing godknowshowmuchharm, at least… umm, at least it’s only one cert and everyone’s alerted. That’s positive, right? And it’s not like any hacker wouldn’t show his whole hand either! *cough*
So, no wonder people layer security or go with proprietary methods. I’ve been asked before why Skype’s encryption isn’t standards-based. Consider their decision in light of exploits such as the Google certificate being hijacked…
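To make the forward-proxy point concrete (and the "layer security" remark above), here is an added Go example that is not from this post: a client trusts two CAs, the second one issues a cert for the same hostname, and ordinary chain validation accepts it while an SPKI pin taken from the genuine cert does not. All CA names and the hostname are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes a cert for name: self-signed when parent is nil, otherwise signed by parent.
func issue(name string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, DNSNames: []string{name}, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil { // self-signed root: sign the template with its own key
		parent, pkey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// accept is ordinary PKI validation (any trusted root vouching for host passes), plus an SPKI pin check when pin is non-nil.
func accept(leaf *x509.Certificate, roots *x509.CertPool, host string, pin *[32]byte) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil && (pin == nil || sha256.Sum256(leaf.RawSubjectPublicKeyInfo) == *pin)
}

// Scenario: the client trusts the site's real CA and a second CA (a forward proxy's CA pushed to the machine).
func Scenario() (rogueChainOK, roguePinOK, realPinOK bool) {
	host := "mail.example.test" // constructed hostname
	realCA, realKey := issue("real-root-ca", true, nil, nil)
	proxyCA, proxyKey := issue("forward-proxy-ca", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(realCA)
	roots.AddCert(proxyCA)
	realLeaf, _ := issue(host, false, realCA, realKey)
	rogueLeaf, _ := issue(host, false, proxyCA, proxyKey)
	pin := sha256.Sum256(realLeaf.RawSubjectPublicKeyInfo) // the pin a client would remember for host
	return accept(rogueLeaf, roots, host, nil), accept(rogueLeaf, roots, host, &pin), accept(realLeaf, roots, host, &pin)
}
```

The chain check alone returns true for the proxy-issued cert; only the pin distinguishes it from the genuine one, which is the layering the post is getting at.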
Here’s hoping that the known cert is revoked broadly and quickly so that Google/Gmail users can breathe an uncomfortable sigh of relief… and that people learn not to trust anyone, even themselves, when it matters. ;->