Citing data assembled three years ago by the Electronic Frontier Foundation's SSL observatory, the report said there were 1,053 certificates signed by recognized authorities that end in 63 strings which are candidates to become top-level domains. Such a scenario might make it possible for "man-in-the-middle" attackers, who control a connection between a website and end users, to spoof traffic in a way that would completely bypass encryption protections provided by SSL.

Thursday, April 4, 2013
Ars Technica

Related Issues