{"id":150,"date":"2010-07-08T19:56:29","date_gmt":"2010-07-08T17:56:29","guid":{"rendered":"http:\/\/eguaj.tumblr.com\/post\/785953680"},"modified":"2011-03-02T22:02:26","modified_gmt":"2011-03-02T21:02:26","slug":"785953680","status":"publish","type":"post","link":"https:\/\/locallost.net\/?p=150","title":{"rendered":"Fortinet breaks HTTPS"},"content":{"rendered":"<p><em>&#8230; but they are not the only ones.<\/em><\/p>\n<p>This morning, I was working at a client's premises, and when I logged into my Google Apps mail account, Firefox greeted me with the you-are-connecting-to-an-untrusted-https-web-site banner.<\/p>\n<p>After checking the certificate, I noticed it was in fact issued by Fortigate\/Fortinet.<\/p>\n<p>That's what we call a Man-In-The-Middle (MITM) attack: you sit in the middle and pretend to be the person someone is trying to reach, and can therefore eavesdrop on their data\/credentials\/etc. in clear form.<\/p>\n<p>Well, at least they were using a self-signed certificate that was not recognized by a root CA. But what if they add such a certificate&#160;?\u00a0I remember seeing an article about such equipment that has a valid certificate and can therefore silently snoop on any HTTPS communication, without anyone ever noticing it.<\/p>\n<p>Does this render HTTPS completely useless&#160;? Who will really disable the renegade root CA in their browser, and manually check and set up trusted certificates one-by-one for the websites they visit&#160;?<\/p>\n<p>Finally, this issue is perhaps one of the oldest in human behaviour: trust.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8230; but they are not the only ones. This morning, I was working at a client's premises, and when I logged into my Google Apps mail account, Firefox greeted me with the you-are-connecting-to-an-untrusted-https-web-site banner. 
After checking the certificate, I noticed &hellip; <a href=\"https:\/\/locallost.net\/?p=150\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[],"class_list":["post-150","post","type-post","status-publish","format-standard","hentry","category-regular"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2Bei9-2q","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=150"}],"version-history":[{"count":2,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/150\/revisions"}],"predecessor-version":[{"id":275,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/150\/revisions\/275"}],"wp:attachment":[{"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1
50"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}