by retrodaredevil 568 days ago
Let's assume that some malicious third party has control of the certificate that was created by this fishy CA. The main attack that they could carry out is a man-in-the-middle (MitM) attack. This attack requires this malicious third party to be able to intercept and change the contents of requests being sent to google.com and someone's web browser.

A MitM attack can be easily carried out by someone in control of an ISP, or someone in control of a WiFi network. So, if you trust your ISP and your WiFi network, realistically you have nothing to worry about.

The reason that this issued certificate could allow an attack like this to happen is that all websites nowadays use HTTPS connections, and certificate authorities are the entities that tell your web browser that certain certificates are legit. They confirm that a website is actually that website.

If you visit some website and someone tries to do a MitM attack between your web browser and that website, the web page should fail to load because if they try to change the certificate, your web browser should reject it because it is invalid.
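
Added example, not part of the comment above: a local lab showing that the same certificate is accepted or rejected purely depending on whether its issuing CA is in the trust store, which is why distrusting a questionable CA is the mitigation. The CA names, the host name `shop.example.test` and all file paths are constructed for illustration, and the script assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Constructed lab: all names, keys and certificates are generated locally and
# are hypothetical. Requires the openssl CLI with its default config file.

# Create a throwaway self-signed root CA in directory $1 with common name $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Have the CA in directory $1 issue a leaf certificate for host name $2.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Print "accepted" or "rejected" for leaf $2, trusting the CA bundle in $1.
# This checks the chain of trust only; browsers also check the host name.
check_leaf() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# Build the lab in a temp dir and print both verdicts for the same leaf.
demo() {
    lab=$(mktemp -d) || return 1
    mkdir "$lab/fishy" "$lab/honest"
    make_ca "$lab/fishy" "Fishy Lab CA" &&
    make_ca "$lab/honest" "Honest Lab CA" &&
    issue_leaf "$lab/fishy" "shop.example.test" || { rm -rf "$lab"; return 1; }
    # Store A trusts both CAs; store B has had the fishy CA removed.
    cat "$lab/honest/ca.pem" "$lab/fishy/ca.pem" > "$lab/store_a.pem"
    cp "$lab/honest/ca.pem" "$lab/store_b.pem"
    echo "with fishy CA trusted: $(check_leaf "$lab/store_a.pem" "$lab/fishy/leaf.pem")"
    echo "with fishy CA removed: $(check_leaf "$lab/store_b.pem" "$lab/fishy/leaf.pem")"
    rm -rf "$lab"
}

demo
```

Nothing about the leaf certificate changes between the two checks; only the list of trusted CAs does.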