Robert Graham detailed on the Errata Security blog how he was able to get the private key of the Superfish certificate. I understand that attackers can now use this key to generate certificates of their own which will be signed by the Superfish CA.
Won’t the same attack work on other root certificates already on a computer? Why was the private key on the computer in the first place?
Aucun commentaire:
Enregistrer un commentaire