Iranian hacks call into question the stability of the whole web
An Iranian youth browses a political blog at an Internet cafe in the city of Hamadan, 360 kms southwest of Tehran, on May 27, 2009.
These maneuvers have been traced to IP addresses within Teheran and there is speculation that the Iranian government may be behind these efforts. It certainly would be one way of spying on dissidents by knowing what they were sending in emails they believed to be private.
So what is the significance of this hack on the rest of us users? It could be huge. Steve Schultze is associate director of the Center for Information Technology Policy at Princeton University. He says that it points out a fundamental problem in the very architecture of the Internet. There are hundreds of entities that have been given the authority to hand out these certificates. Some of them are official government institutions, but one of those was the former government of Tunisia (which, you'll recall, was tossed out a few months ago amid charges of corruption). There are also private companies, 100 German universities and even an observatory. All it really takes is for one of those entities to be compromised for those certificates to be hijacked.
So while it's a good thing to use a secured setting for your computing, the layer that establishes that security may itself be vulnerable to attack. In Iran, the hackers were essentially able to step between user and website and intercept all the information passing through.
Various Internet organizations and companies are working to correct this system. We'll keep you posted on their progress.
Also in this program, you can buy a Facebook greeting from an "American Idol" contestant for $1. If you want.