Interesting article stating that the South Korean security service has tapped the gmail communications of one of its citizens. As the default for gmail is https, this could indicate the intelligence service is able to hack one of the more modern internet encryption technologies.
We know that there are vulnerabilities in some of the older encryption technologies.
I’ve been watching some discussion of this on some of the listservs I belong to. Possibilities are:
- Poor browser configuration or implementation of encryption/CA;
- Obsolete encryption (unlikely in my opinion given Google’s public statements on the encryption it uses);
- Fraudulent CA (see related article here); or
- Man in the middle with valid certs.
I am sure there are others. I’d love to hear the security experts leave some comments on this subject. I know I’ll be chatting with some of our internal experts about this.