

Hacker Rattles Internet Security Circles - llambda
http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html?smid=tw-nytimes&seid=auto

======
Woost
This article is a bit late. Anyone who has been keeping up with the Diginotar
etc stuff knows that:

1\. Diginotar is dead in the water now (they've been effectively killed off by
browser vendors)

2\. The exact problem here is very well known. That is, the problems with the
SSL system having trusted authorities, and the number of companies trusted to
issue certificates. (any trusted company can issue a cert for any domain it
chooses)

3\. This problem has already happened before with other certificate vendors;
the only difference here is that Diginotar is a small enough fish that browser
vendors are reacting (see, for example:
<http://www.theregister.co.uk/2008/12/29/ca_mozzilla_cert_snaf/>
in 2008). Oh, and that Diginotar was silent on the breach.

And I like his boasting...sounds to me like a misquote or a script kiddie.

------
rbanffy
As being somewhat old-school (I learned to program on a TI55 calculator before
having a real computer - an Apple II clone) I am offended by the insinuation
old-schoolers like to boast. In fact, only the lowest of the larvae would dare
to qualify their work as the most sophisticated anything.

------
owensmartin
How I wish the Times would actually put in some technical details! If their
aim is the transparent diffusion of news, they shouldn't shy away from
technicals that maybe most people don't know. In fact, perhaps it's time more
people found out about public-key cryptography, and who "third party"
verifiers actually are. Put some due diligence back in the hands of the
public.

------
sneak
The worst part about this is that the guy who posted on Pastebin has offered
no evidence that he's the one who actually pulled off these hax.

Is the media willing to believe any claim they read on Pastebin in this
post-LulzSec world we live in?

~~~
onedognight
> the guy who posted on Pastebin has offered no evidence that he's the one who
> actually pulled off these hax.

He certainly has. <http://pastebin.com/jhz20PqJ>

In particular, he claims to have signed the Windows calculator with the (his)
Google key.

