| ▲ | codethief 3 days ago | ||||||||||||||||
> every black hat nation state actor would love to break into on their cert issuance servers and export a bunch of legit signed certs to run man-in-the-middle attacks I might be misremembering but I thought one insight from the Snowden documents was that a certain three-letter agency had already accomplished that? | |||||||||||||||||
| ▲ | 9Ljdg6p8ZSzejt 2 days ago | parent [-] | ||||||||||||||||
This was DigiNotar. The breach generated around 50 certificates, including certificates for Google, Microsoft, MI6, the CIA, TOR, Mossad, Skype, Twitter, Facebook, Thawte, VeriSign, and Comodo. Here is a nice writeup for that breach: https://www.securityweek.com/hacker-had-total-control-over-d... | |||||||||||||||||
| |||||||||||||||||