Symantec has mis-issued at least 30,000 certificates over the past few years. This is a huge deal, since a Certificate Authority’s ONLY job is to be TRUSTED. If you can’t trust them, then they have no reason to exist. Frankly, Google has to be nice in the grand scheme of things. I’m taking a more hostile approach by Read more about Symantec Lands on the Never Trust List[…]
Here’s how to verify whether your SSL/TLS traffic is being intercepted and decrypted (aka Man-In-The-Middle) even though the browser doesn’t alert you. Check the SHA1 fingerprint. Steve Gibson’s Fingerprint Service is a good tool for this.
Today, I was at a client’s site and this happened while going to gingsoft.com which is a secure site with an EV SSL certificate, so rather than seeing this: I saw this instead, red “X” https using SSL: Your employer will have an SSL interceptor that grabs traffic between your computer and the Internet. When you surf Read more about Don’t Worry About the NSA. Worry About Your Employer…[…]
My MacBook Pro is running OS X 10.10.3 and has 204 “trusted” root certificates in its keychain. I personally don’t trust most of them and neither should you. A lot of malware is signed with some of these “trusted” root certs due to either compromise or negligence. Un-trusting these root certs will alert you when something Read more about Trusted Root Certificates[…]