
Connections secured with TLS aren't effective if a) you can compromise the CA, b) have the private keys, c) have cooperation of the appropriate company (most likely), d) have compromised the server, e) are aware of flaws in the encryption algorithm, f) weak keys have been used, or g) have compromised the client computer.


Compromising the CA isn't as powerful as most would think. It does allow you to MITM; however, it does not allow you to do so invisibly. Someone who is paying attention to the public key could notice that it changed.


But you could do it for a specific target and that target has a high chance of not noticing. Doing it indiscriminately on the other hand...


It's also not effective if h) TLS was never used in the first place. Facebook hasn't always been all that secure against eavesdropping.
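The check mentioned in the thread (noticing that a server's public key changed even though its certificate still chains to a trusted CA) can be sketched as a trust-on-first-use pin on the certificate's SubjectPublicKeyInfo. This is an added example, not code from any commenter; `constructed_cert`, `check` and the host name `example.test` are hypothetical, and the certificates are constructed, unsigned skeletons that only follow the X.509 field layout.

```python
import base64
import hashlib

def read_tlv(buf, off):
    """Return (tag, content_start, end) of the DER element at buf[off]."""
    tag, length, start = buf[off], buf[off + 1], off + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, pos)  # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                        # skip the optional [0] version
            fields.append(cert_der[pos:end])
        pos = end
    if len(fields) < 6:                        # serial, sigAlg, issuer,
        raise ValueError("not a certificate")  # validity, subject, SPKI
    return base64.b64encode(hashlib.sha256(fields[5]).digest()).decode()

def tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def seq(*parts):
    return tlv(0x30, b"".join(parts))

def constructed_cert(issuer, key):
    """Constructed, unsigned skeleton: same field order as X.509, no signature."""
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), seq(),
              seq(tlv(0x0C, issuer)), seq(), seq(tlv(0x0C, b"example.test")),
              seq(seq(), tlv(0x03, b"\x00" + key)))
    return seq(tbs, seq(), tlv(0x03, b"\x00"))

def check(pins, host, cert_der):
    """Trust on first use: remember the first pin, flag any later key change."""
    pin = spki_pin(cert_der)
    return "ok" if pins.setdefault(host, pin) == pin else "KEY CHANGED"
```

Pinning the key rather than the whole certificate means a renewal from a different CA with the same key stays quiet, while a certificate carrying a different key is flagged even if its chain validates.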



