by ksjskskskkk 915 days ago
you forget systems have humans in them. most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations. those are usually CAs signed by the CAs in your browser.

so, yeah, a gov abusing this is very bad and visible. scammers profiting from the complexity and humans in the machine, is very common.

1 comments

>most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations

Source? If true they're grounds for ejection from root certificate programs of various OS/browsers.

kaspersky writes about them from time to time. since it's not the CA key but some CA signed by those CAs, they just revoke that one and move on and nobody cares. last year (or the one before) they discussed this at length on the mozilla chats before the meeting