What have you always wondered about the economy? Tell us
Codebreaker

Rogue Google certificate loose in the wild

John Moe Aug 30, 2011

Lock up your Googles! A forged certificate has been detected that can allow hackers to get into just about any Google account you can think of, including Gmail.

From the Telegraph:

The “man in the middle” attack also further undermines general confidence in the Secure Sockets Layer (SSL), a security protocol used to authenticate all kinds of sensitive internet traffic, including online banking. SSL certificates are meant to act as an independent third party to verify that communication between a website and a browser are secure.

The forgery appears to be based in Iran. This issue casts a light on the pretty weird and highly byzantine system of certifications and who is authorized to issue them. Short answer: dozens of places you wouldn’t expect, many are holdovers from the early days of the web. Since these certificates are what verify identity on the web, a lot of people think there need to be fewer issuing authorities that could be more easily managed.

Marketplace is on a mission.

We believe Main Street matters as much as Wall Street, economic news is made relevant and real through human stories, and a touch of humor helps enliven topics you might typically find…well, dull.

Through the signature style that only Marketplace can deliver, we’re on a mission to raise the economic intelligence of the country—but we don’t do it alone. We count on listeners and readers like you to keep this public service free and accessible to all. Will you become a partner in our mission today?

Your donation is critical to the future of public service journalism. Support our work today – for as little as $5 – and help us keep making people smarter.