HTTPS No Longer Secure???

/ 30 October 2011

Interesting article stating that the South Korean security service has tapped the gmail communications of one of its citizens. As the default for gmail is https, this could indicate the intelligence service is able to hack one of the more modern internet encryption technologies.

We know that there are vulnerabilities in some of the older encryption technologies.

I’ve been watching some discussion of this on some of the listservs I belong to. Possibilities are:

  1. Poor browser configuration or implementation of encryption/CA;
  2. Obsolete encryption (unlikely in my opinion given Google’s public statements on the encryption it uses);
  3. Fraudulent CA (see related article here); or
  4. Man in the middle with valid certs.

I am sure there are others. I’d love to hear the security experts leave some comments on this subject. I know I’ll be chatting with some of our internal experts about this.

Related posts

One thought on “HTTPS No Longer Secure???

  1. Pingback: Privacy v. Free Speech? Not today . . . | Next Practices

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s