The Electronic Frontier Foundation has asked Verizon, a certificate authority, to stop trusting the certificate issued to Etisalat.
Etisalat was caught using its authority to sign an update for blackberries in the United Arab Emirates which caused malicious code to be downloaded onto blackberry user's devices without their consent. This code (better called surveillance software) was used by the government of the UAE to spy on blackberry users.
Because browsers and other software trust Etisalat's authority, this means that any users SSL connection with any site could be hijacked completely transparently. This leaves their personal information vulnerable as well as their computers if they download executable code which is signed by Etisalat.
Hopefully Verizon revokes this certificate and the SSL trust system will be made slightly more secure. As long as trust for this system is not distributed and resides in a hierarchy, problems like this will continue to occur.
Have a tip for your editors? Send it to staff@h*ckbloc.org You can use our pgp key which can be found here.
Donate to hackbloc to help us keep it running!
Why You Should Donate
Tools, Actions, News, and more!!
hackthiszine@lists.hackbloc.org
Emails sent to the above address are publicly archived online. Want more privacy? Contact us at staff{at}hackbloc.org.
Article Deadline for Issue #14: N/A Release Date for Issue #14: N/A
HackBloc.org by The Hackbloc Collective is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License for those who respect property rights. For everyone else, you are free.