nationwide interception of Facebook & webmail login credentials in Tunisia

Dave Howe DaveHowe at gmx.co.uk
Wed Jan 26 21:45:40 GMT 2011


On 26/01/2011 09:18, Mark Lomas wrote:
> Some years ago (probably in 2000) I persuaded a major bank to remove the
> majority of CA certificates from the key store of the browser they had
> deployed.
> 
> The IT department regarded the change as a nuisance, but the Legal
> department understood the problem as soon as I showed them the list of CAs.
> 
> May I conduct an informal survey? Who on this mailing list has not
> removed any of the CA certificates that were pre-installed by whoever
> supplied your browser?

I haven't bothered - as has been pointed out by others, none of the
current lot are trustworthy; none of them would even resist a demand
from a TLA in their jurisdiction to mint a few extra certs, none will
accept any liability for any loss I might suffer due to a spoofed site
getting any of my details, and none have a good track record when it
comes to *not* mistakenly issuing certs to those not authorized to have
them.

I *do* have Cert Patrol installed, but that throws up some curious
anomalies; for instance, TSB appear to have some sort of farm for their
web service, but have different certificates on each. This causes CP a
certain amount of distress every time I visit there...
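The Cert Patrol behaviour described above (every node of a server farm presenting a different certificate and each flip raising an alarm) is the classic trust-on-first-use false positive. The following is an added example, not Cert Patrol's code and not from this list: a small Python pin store that records, per hostname, every certificate it has accepted and classifies a new certificate as a known alternate, a renewal under the same public key, a new key from the same issuer, or an issuer change. The `Cert` records, hostname, issuer names and byte strings are constructed stand-ins for parsed X.509 data, not real certificates. The `remember_alternates` flag contrasts a single-pin store (which re-alerts on every farm node) with one that keeps the set of accepted certificates; only a certificate from a different issuer is refused in both modes.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed X.509 certificate (hypothetical; no real parser here)."""
    der: bytes    # stands in for the DER encoding of the whole certificate
    spki: bytes   # stands in for the SubjectPublicKeyInfo (the public key)
    issuer: str   # issuer distinguished name


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest, the form browsers show as a certificate fingerprint."""
    return hashlib.sha256(data).hexdigest()


class PinStore:
    """Trust-on-first-use store: hostname -> list of (cert fp, key fp, issuer) accepted so far."""

    def __init__(self, remember_alternates: bool = True):
        # False models a single-pin tool: only the first certificate per host is remembered.
        self.remember_alternates = remember_alternates
        self.seen = {}

    def observe(self, host: str, cert: Cert) -> str:
        cert_fp = fingerprint(cert.der)
        key_fp = fingerprint(cert.spki)
        known = self.seen.setdefault(host, [])
        if not known:
            known.append((cert_fp, key_fp, cert.issuer))
            return "first-seen"
        if any(c == cert_fp for c, _, _ in known):
            return "known"                      # an alternate we have already accepted
        if any(k == key_fp for _, k, _ in known):
            verdict = "same-key-renewal"        # new certificate, same public key
        elif all(i == cert.issuer for _, _, i in known):
            verdict = "same-issuer-new-key"     # e.g. another node of the same farm
        else:
            return "issuer-changed"             # never recorded: this is the alarm that matters
        if self.remember_alternates:
            known.append((cert_fp, key_fp, cert.issuer))
        return verdict


# Constructed sample data: two farm nodes with distinct certificates and keys from the
# same CA, a renewal of node A's certificate under its existing key, and one certificate
# from an unrelated issuer standing in for an interposed proxy.
NODE_A = Cert(der=b"cert-node-a", spki=b"key-node-a", issuer="CN=Example Bank CA")
NODE_B = Cert(der=b"cert-node-b", spki=b"key-node-b", issuer="CN=Example Bank CA")
NODE_A_RENEWED = Cert(der=b"cert-node-a-renewed", spki=b"key-node-a", issuer="CN=Example Bank CA")
INTERPOSED = Cert(der=b"cert-other", spki=b"key-other", issuer="CN=Some Other CA")

FARM_VISITS = [NODE_A, NODE_B, NODE_A, NODE_B, NODE_A_RENEWED, INTERPOSED]


def simulate(visits, remember_alternates):
    """Feed a sequence of observed certificates for one hostname through a fresh store."""
    store = PinStore(remember_alternates)
    return [store.observe("online.bank.example", c) for c in visits]


if __name__ == "__main__":
    for mode in (False, True):
        print(f"remember_alternates={mode}:")
        for cert, verdict in zip(FARM_VISITS, simulate(FARM_VISITS, mode)):
            print(f"  {cert.issuer:24s} {fingerprint(cert.der)[:16]}  -> {verdict}")
```

With `remember_alternates=False` the second farm node trips "same-issuer-new-key" on every visit, which is the distress the post describes; with it set to `True` each node alarms once and is "known" thereafter, while the certificate from a different issuer is refused in both modes. A real deployment would pin on the SPKI hash or the issuing intermediate rather than the leaf, but the classification logic is the same.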
