Submission: Comodo hack may reshape browser security

suraj.sun writes: Major browser makers are beginning to revisit how they handle Web authentication after last month's breach that allowed a hacker to impersonate sites including Google, Yahoo, and Skype. Currently, everyone from the Tunisian government to a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices and scores of German colleges are trusted to issue digital certificates for the largest and most popular sites on the Internet.

Microsoft's manager for trustworthy computing, Bruce Cowper, told CNET that the company is "investigating mechanisms to help better secure" certificate authorities, and Ben Laurie, a member of Google's security team, said the Mountain View, Calif., company is "thinking" about ways to upgrade Chrome to highlight possibly fraudulent certificates that "should be treated with suspicion."

Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation who has compiled a database of public Web certificates, says one way to improve security is to allow each Web site to announce what certificate provider it's using.

CNET News:

  • Do away with greedy certificate providers like VeriSign altogether.
    Store a hash of the certificate in DNS and use DNSSEC to ensure the hash (and the IP address of the server) can't be tampered with.

    Certificates under this model wouldn't even include any identifying information (e.g. the company name of the company who owns the certificate).
    All that SSL/DNSSEC/etc should be doing is A. Making sure that you are talking to the correct computer for the domain you are trying to access and not another computer wher
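
The check a client would make under the scheme proposed in the comment above, as an added example that is not part of the original thread. It goes slightly beyond the comment by accepting several published pins and more than one hash type; the record layout is assumed from the TLSA record of RFC 6698, and the function names and certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# Field layout assumed from the TLSA record (RFC 6698): usage, selector,
# matching type, association data. Matching type 0 = raw bytes, 1/2 = hash.
DIGESTS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}

def parse_pin(rdata):
    """Parse 'usage selector mtype hexdata' into a tuple, rejecting bad input."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("expected: usage selector mtype hexdata")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if selector != 0:
        raise ValueError("this sketch pins the full certificate only")
    if mtype not in DIGESTS:
        raise ValueError("unknown matching type")
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def cert_is_pinned(cert_der, rrset, dnssec_validated):
    """True if the presented certificate matches any pin in a validated RRset."""
    if not dnssec_validated:
        return False  # an unsigned answer could have been forged in transit
    for rdata in rrset:
        _, _, mtype, pinned = parse_pin(rdata)
        digest = DIGESTS[mtype]
        presented = cert_der if digest is None else digest(cert_der).digest()
        if hmac.compare_digest(presented, pinned):
            return True
    return False

# Constructed stand-ins for DER-encoded certificates (not real certificates).
OLD_CERT = b"constructed-cert-bytes: example.test, key 1"
NEW_CERT = b"constructed-cert-bytes: example.test, key 2"
ROGUE_CERT = b"constructed-cert-bytes: example.test, issued by someone else"

# Two pins published side by side, as during a certificate rollover.
# Usage 3 means the domain itself vouches for the certificate, with no CA.
RRSET = [
    "3 0 1 " + hashlib.sha256(OLD_CERT).hexdigest(),
    "3 0 2 " + hashlib.sha512(NEW_CERT).hexdigest(),
]

if __name__ == "__main__":
    for name, cert in [("old", OLD_CERT), ("new", NEW_CERT), ("rogue", ROGUE_CERT)]:
        print(name, cert_is_pinned(cert, RRSET, dnssec_validated=True))
```

The `dnssec_validated` flag stands in for the resolver's validation result; without it the pin is no more trustworthy than the unsigned DNS answer that carried it.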