Readers' comments
I think the article is correct that this is more a social problem than a technical one. If we exchanged public PGP certificates directly, there would be no concern with central Certificate Authorities (CAs) being cracked, but it's a lot of work to collect trusted public certificates for every person and web site you want to work with.
In the meantime, until we come up with a better social model for decentralized certificate exchange, perhaps the big, centralized CAs need to be subject to independent security audits (like banks or publicly-traded companies are subject to independent financial audits), and those who fail the audits are dropped from the major browsers. That is a strong incentive for them to clean up their acts.
I have honestly never paid much attention to whether a site is "http" or "https", given that I have never participated in detailed online websites. I think that the number of individuals capable of hacking, and the ability to gain quick knowledge on how to hack nearly anything you want, has warranted a need for more 'internet' security and a task force.
Here is the pastebin post from comodohacker: http://pastebin.com/1AxH30em