-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Worth a read:
"Netcraft has found dozens of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. Some of these certificates may be used to carry out man-in-the-middle attacks against the affected companies and their customers. Successful attacks would allow criminals to decrypt legitimate online banking traffic before re-encrypting it and forwarding it to the bank. This would leave both parties unaware that the attacker may have captured the customer's authentication credentials, or manipulated the amount or recipient of a money transfer." "The fake certificates bear common names (CNs) which match the hostnames of their targets (e.g. www.facebook.com). As the certificates are not signed by trusted certificate authorities, none will be regarded as valid by mainstream web browser software; however, an increasing amount of online banking traffic now originates from apps and other non-browser software which may fail to adequately check the validity of SSL certificates." Much more: http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html FYI, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlL9E28ACgkQKJasdVTchbIg3QD9HfJ1OF+YUf5ItT9y41Pxo+m7 DAh0W0ZOFEG1FbVRFwYA/RFIFD4TbB0t9JspGCF4J+98ab79zy0ndMjhMn97wm1b =RSw9 -----END PGP SIGNATURE-----
