Trusted Network Journal Computer Security


  • 8/11/2019 Trusted Network Journal Computer Security


    Secure the Internet

    Software engineers must close the loophole used to intercept online communications, say Ben Laurie and Cory Doctorow.

    In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software's cryptographic certificates, which securely verify the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data.

    The keys used to sign the certificates had been stolen from a certificate authority (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.

    Fake certificates are used by hackers and governments to harvest online communications. In 2011, for example, a hacker based in Iran stole the signing keys from DigiNotar, a Dutch CA that declared bankruptcy soon afterwards. The keys were used to impersonate sites such as Facebook and Gmail in Iranian dissidents' browsers, allowing all of their messages to be read.

    Certificates allow the web to work. They secure transactions and allow users to enter credit-card numbers, share data across networks or chat in private forums. Without certificates, hackers could easily stop, corrupt or eavesdrop on these exchanges. But certificates are in trouble. As more authorizing bodies are added to browsers' lists of trusted CAs, and as governments,

    ILLUSTRATION BY ANDREW RAE

    15 NOVEMBER 2012 | VOL 491 | NATURE | 325


    Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.