Comments on Lex Spoon: Certificate authority compromised

Lex Spoon (2011-03-24T15:51:46.161-07:00):

I agree having the cert helps. However, I don't see how it helps very much.

Consider your scenario. Even without a cert for bankofamerica.com, you could redirect users to bofamerica.com, some alternate DNS name that you have obtained a cert for. It takes an unrealistically astute user to avoid getting snared by this. They have to not only notice the DNS change, but also work up confidence that the DNS change was not part of an intentional site redesign by the bank.

Robert "kebernet" Cooper (2011-03-24T15:11:21.370-07:00):

Well, having an important cert *CAN* make a difference. For instance, I could drop a dup DHCP server with a proxy for Bank of America in, let's say, Hartsfield Jackson Intl. Airport and transparently capture every BofA customer who uses the WiFi's logins. Doing a MITM like that without the cert... well, OK, you might get away with it for a few people, but not everyone.