Dev.SN ♥ developers
Sections
Dev.SN
Fluffeh writes:
A recent article by The Intercept showed how US and UK intelligence agencies have been impersonating the servers of companies like Facebook. In November, Der Spiegel noted that agencies created "bogus versions" of sites like Slashdot and LinkedIn to plant malware in targets' machines.
Copyright claims brought against the government must be filed in the US Court of Federal Claims, and the subject matter in question must have previously been registered with the Copyright Office-something companies don't typically do for their Web interfaces.
In contrast, under the Lanham Act, the government is expressly liable. The law clearly states, "As used in this paragraph, the term 'any person' includes the United States, all agencies and instrumentalities thereof, and all individuals, firms, corporations, or other persons acting for the United States and with the authorization and consent of the United States."
(Score: 1) by cbiltcliffe on Sunday March 30 2014, @12:55PM
The fact that there are CAs outside the US, or you could host outside the US is completely and utterly irrelevant, due to the broken design of the CA/SSL system.
As long as a single CA exists inside the US that the NSA can coerce, then a certificate can be generated which is trusted by all major browsers, regardless of the fact that you've never used that CA yourself.
Your choice of CA isn't enforced - isn't even provided to the client - by the SSL negotiation. That's why the breach at DigiNotar a while back was so serious. It didn't just compromise DigiNotar's customers. It compromised the entire SSL system.