Is That Google Site Real ?

[GhostShip]

Just when you thought that all the silliness was over for this time of year 

http://arstechnica.com/security/2014/07/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users/

People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties.

A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India's Controller of Certifying Authorities (CCA). The CCA, in turn, is trusted by the Microsoft Root Store, a library that IE and many other Windows apps rely on to process the TLS certificates that banks, e-mail providers, and other online services use to encrypt traffic and prove their authenticity. (Firefox, Thunderbird, and Chrome on Windows aren't at risk.)

You see folks I told you this would happen if you didnt get protected 

Now take a tip from your old mate Ghosty and get one of these before it's too late !!!

http://zapatopi.net/afdb/





 

 

[Trestor]

I think a foil hat is not enough because brain manipulating signals can get in from underneath. What we need to do is to get around in the world in a full suit of armor. I believe the mark II version has opening flaps front and rear for those "special needs".

[silicon_toad2000]

i've got a layer of foil in my wallet after seeing how easy it is to scan cards with chips and what not these days
maybe im just a crank, but most of the voices in my head said it was a good idea.

[GhostShip]

MS has awoken and rushed out an update to their revocation list 

http://arstechnica.com/security/2014/07/emergency-windows-update-revokes-dozens-of-bogus-google-yahoo-ssl-certificates/

Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo. Company officials warned undiscovered fraudulent credentials for other domains may still be in the wild.

Reading the small print however ...

At the moment, there is no way for systems running Windows Server 2003 to revoke the fraudulent certificates.

[wonderer]

using a condom on my network cable protects me for years against any virus
renew from time to time is a good habit

[GhostShip]

That sounds like a foolproof method of avoiding virtually everything Wonderer 

Now what can we do about that pesky wireless ..

[wonderer]

tinfoil seems to shield perfectly against radio waves
 fine maze cage of Faraday might work too