NSA disguised itself as Google to spy, say reports | Politics and Law - CNET News
Gregory Alan Bolcer stashed this in Privacy
If you look at your browser's certificate authority store, there's well over a hundred trusted root certificates. Once a user has one, it's all over. Encryptanet (and Paycloud) was all about installing a trusted certificate to do a man in the middle benign attack that reduced friction to content for fun and profit. I think these sorts of CA compromises were well known by 2003, so it's funny how far we've come in 10 years.
had not read this. thanks for sharing