Forged SSL Certificates Pervasive on the Internet
About 0.2% of all SSL certificates are forged. This is the first time I’ve ever seen a number based on real data. News article:
Of 3.45 million real-world connections made to Facebook servers using the transport layer security (TLS) or secure sockets layer protocols, 6,845, or about 0.2 percent of them, were established using forged certificates.
Actual paper.
EDITED TO ADD (6/13): I’m mischaracterizing the study. The study really says that 0.2% of HTTPS traffic to Facebook is intercepted and re-signed, and the vast majority of that interception and re-signing happens either on the user’s local computer (by way of trusted security software acting as a scanning proxy) or locally on a private network behind a corporation’s intercepting proxy/firewall. Only a small percentage of intercepted traffic is a result of malware or other nefarious activity.
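The reason a re-signed certificate sails through the browser is that the intercepting proxy's CA is installed in the local trust store, so ordinary validation passes. What does catch it is comparing the certificate the client actually received against the fingerprints the site operator knows it serves, which is the idea behind the study's client-side measurement. The script below is an added example, not the study's probe (which was a Flash applet) and not Facebook's code; the pinned fingerprints, the issuer keyword table and the sample observations are all constructed for illustration.

```python
"""Detect TLS interception by comparing the leaf certificate a client actually
receives against the fingerprint(s) the site is known to serve, then attribute
non-matching certificates by the name of the CA that signed them."""
import hashlib
import socket
import ssl
from collections import Counter

# Hypothetical pins. In practice these are the SHA-256 fingerprints of the leaf
# certificates the site really serves (these are NOT Facebook's real values).
EXPECTED_LEAF_FINGERPRINTS = {
    "0" * 64: "www.example.com leaf A (hypothetical)",
    "1" * 64: "www.example.com leaf B (hypothetical, for rotation)",
}

# Constructed keyword table, loosely modelled on the categories the study
# reports: local scanning software versus corporate proxies and firewalls.
ISSUER_CATEGORIES = (
    ("local security software",
     ("kaspersky", "bitdefender", "eset", "avast", "antivirus", "anti-virus")),
    ("corporate proxy/firewall",
     ("fortinet", "fortigate", "websense", "bluecoat", "proxy", "firewall")),
)


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 over the DER encoding, i.e. the fingerprint browsers display."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_leaf_certificate(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER leaf certificate the client actually receives for host.

    This uses the default trust store, so a locally installed interception CA
    passes validation here without complaint; only the fingerprint comparison
    in classify() can tell the re-signed certificate from the genuine one.
    (Network call; not exercised offline.)"""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify(observed_fp: str, issuer_cn: str) -> str:
    """'genuine' if the fingerprint is pinned, otherwise an interception category."""
    if observed_fp.lower() in EXPECTED_LEAF_FINGERPRINTS:
        return "genuine"
    issuer = issuer_cn.lower()
    for category, keywords in ISSUER_CATEGORIES:
        if any(k in issuer for k in keywords):
            return "intercepted: " + category
    # A re-signed certificate from an issuer nobody recognises is the case that
    # deserves a closer look (malware, a rogue hotspot, or an unknown appliance).
    return "intercepted: unknown issuer"


def summarize(observations):
    """Count classifications over (fingerprint, issuer CN) pairs reported by clients."""
    return Counter(classify(fp, issuer) for fp, issuer in observations)


# Constructed sample standing in for what client-side probes would report.
SAMPLE_OBSERVATIONS = [
    ("0" * 64, "DigiCert SHA2 High Assurance Server CA"),
    ("1" * 64, "DigiCert SHA2 High Assurance Server CA"),
    ("a" * 64, "Kaspersky Anti-Virus Personal Root Certificate"),
    ("b" * 64, "FortiGate CA"),
    ("c" * 64, "Some Unknown Root"),
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_OBSERVATIONS).items()):
        print(f"{count:4d}  {label}")
```

Run against a live host by feeding `sha256_fingerprint(fetch_leaf_certificate("www.example.com"))` into `classify()` together with the issuer name from the parsed certificate; a machine with a scanning antivirus or behind an inspecting firewall will show a fingerprint that is not in the pinned set even though `ssl` raised no error.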
Carlos • May 16, 2014 7:17 AM
Hmm, I’m missing something.
HTTPS requires a server certificate, not a client one, right?
So if this is Facebook data, does it mean 0.2% of Facebook servers are forged?
And if this is so, how do we collect such data??? I might turn red-faced when I hear the answer, but still…