On 30/09/13 20:35 PM, Igor Bukanov wrote: ...
A real experience shows that a substantial number of those fraud attempts comes from computers where malware installs own root certificate and then install either real or transparent proxy. The access to the proxy is then sold to third parties that can do with it whatever they want with decrypted traffic.
...
As a slight diversion, do you have any documentary evidence on that? I collect a history of attacks on PKI, so as to inform risk analysis, and I like to document any known *real* attacks other than omigosh attacks.
iang _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
