nationwide interception of Facebook & webmail login credentials in Tunisia
lists at internetpolicyagency.com
Wed Jan 26 10:49:55 GMT 2011
<AANLkTimn_sUK8=CQmMNZECz508Dxdy0a3npJorOvR8f_ at mail.gmail.com>, Mark
Lomas <ukcrypto at absent-minded.com> writes
>May I conduct an informal survey? Who on this mailing list has not
>removed any of the CA certificates that were pre-installed by whoever
>supplied your browser?
I haven't (it's outside of my life's-too-short envelope). On the other
hand I do note (with sadness) whenever a blue-chip site's certificates
seem to have expired.
And then there's the famous brand of login-requiring public wifi hotspot
with a side effect of making the log-in screen appear to have a duff
certificate (it's to do with the way they spoof the DNS to bring up the
log-in screen I think).
More information about the ukcrypto