Can't stop making
Monday, 30th August, 2011

Why you should adopt distributed authentication methods when browsing the net... NOW!

There is a piece on theregister.co.uk today about fraudulent SSL certificates for Google domains that may be being used to mount man-in-the-middle attacks on net surfers.

The problem is not new, and you should know that any browser-trusted Certificate Authority can issue an SSL certificate for a domain to someone other than the domain's owner, as this case highlights. Your browser accepts such a certificate just the same, because it only checks that some trusted CA signed it, not that the right one did.

But there are steps you can take to make such an attack far harder to pull off, even for your own government.

Before we talk about the proposed solution, however, you need to understand how the current system works. SSL certificates are not just used to signal that your connection to the web server is encrypted. They form a system of trust in which a certificate authority your browser already trusts vouches that the web server you are visiting is the one and only genuine holder of that domain name, by signing a certificate that binds the server's public key to the name.

As you may be able to see now, if a trusted CA issues a certificate for a domain to a different party, it becomes easy to trick visitors whose DNS has been poisoned (tricked into returning an IP address other than the authentic one) into a site the attacker controls. Those visitors see the padlock and no warning, are all the more prone to "trust" the site, and hand their username and password to the attacker.

I have never been a believer in the trust system in SSL. Lessons in life have taught me that trust is fragile, and cannot realistically exist beyond your closest family and friends. Thus why this trust system has manifested itself in a distributed computing environment is beyond my comprehension.

However, it is clear that the system is flawed. Many others on the web also think so, and from CMU a project was born to enhance the security of the internet by removing the CA as the single point of trust: the Perspectives Project.

The Perspectives Project introduces what I believe should have long been part of the internet: a distributed authentication method that polls a set of independent "notary" servers, each of which fetches the target web server's certificate from its own vantage point on the network and reports what it sees.

In layman's terms, it makes it extremely difficult for an attacker to forge a website, because your browser asks geographically separate sources whether they see the same certificate you are seeing, and you get to choose which of those sources you are willing to listen to. An attacker sitting between you and the server, or holding a rogue CA-issued certificate, can fool you only if they can also fool most of those notaries at the same time.
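To make the notary idea concrete, here is an added example of the client-side decision in working Python. It is not code from Perspectives or Convergence; the notary names, certificate fingerprints and observation histories are constructed for the example, and the 75% quorum, SHA-256 fingerprints and the "key must have been seen for N days" rule (the Perspectives quorum-duration idea) are assumptions chosen for illustration.

```python
"""Notary-style certificate consensus check (added example, not project code).

Notary names, fingerprints and histories below are constructed for the
example; they are not real observations of any site.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple
import hashlib


@dataclass(frozen=True)
class Observation:
    notary: str          # which notary reported this (constructed names below)
    fingerprint: str     # hex SHA-256 of the DER certificate that notary saw
    days_seen: int       # how many days that notary has consistently seen it


def cert_fingerprint(der_cert: bytes) -> str:
    """The value notaries and the browser compare: a hash of the DER certificate.
    A CA-signed forgery for the same hostname carries a different key, so it
    hashes differently even though a browser would accept it as valid."""
    return hashlib.sha256(der_cert).hexdigest()


def evaluate(local_fp: str, observations: List[Observation],
             quorum: float = 0.75, min_days: int = 0) -> Tuple[str, str]:
    """Decide whether the certificate this client received should be trusted.

    Returns (verdict, reason); verdict is one of
      'trusted'        a quorum of notaries has seen the same certificate for
                       at least min_days (the quorum-duration idea)
      'mitm_suspected' the notaries agree with each other but not with us:
                       only our path to the server is seeing this certificate
      'insufficient'   notaries disagree, the key is too new, or none answered
    The client chooses the notary list, so an attacker must subvert both our
    network path and a quorum of the notaries we picked.
    """
    if not observations:
        return "insufficient", "no notary answered"

    agreeing = [o for o in observations if o.fingerprint == local_fp]
    seasoned = [o for o in agreeing if o.days_seen >= min_days]
    if len(seasoned) / len(observations) >= quorum:
        return "trusted", f"{len(seasoned)}/{len(observations)} notaries agree"

    majority_fp, majority_n = Counter(o.fingerprint for o in observations).most_common(1)[0]
    if majority_fp != local_fp and majority_n / len(observations) >= quorum:
        who = ", ".join(o.notary for o in observations if o.fingerprint == majority_fp)
        return "mitm_suspected", f"{who} see {majority_fp[:16]}..., we see {local_fp[:16]}..."

    if len(agreeing) / len(observations) >= quorum:
        return "insufficient", "notaries agree with us but have only seen this key recently"
    return "insufficient", "notaries do not reach a quorum"


# Constructed fingerprints: placeholder bytes stand in for DER certificates.
GENUINE = cert_fingerprint(b"constructed: genuine certificate for example.com")
FORGED = cert_fingerprint(b"constructed: forged certificate with a different key")
ROTATED = cert_fingerprint(b"constructed: legitimately renewed certificate")
NOTARIES = ["notary-eu", "notary-us", "notary-asia", "notary-au"]  # constructed


def steady_state() -> List[Observation]:
    """Every notary has seen the genuine certificate for months."""
    return [Observation(n, GENUINE, 200) for n in NOTARIES]


def fresh_rotation() -> List[Observation]:
    """The site renewed its certificate yesterday; notaries see the new one."""
    return [Observation(n, ROTATED, 1) for n in NOTARIES]


def split_view() -> List[Observation]:
    """Two notaries see the genuine cert, two see another: no quorum either way."""
    return [Observation("notary-eu", GENUINE, 200), Observation("notary-us", FORGED, 3),
            Observation("notary-asia", GENUINE, 200), Observation("notary-au", FORGED, 3)]


if __name__ == "__main__":
    print("normal visit:  ", evaluate(GENUINE, steady_state(), min_days=7))
    print("rogue CA cert: ", evaluate(FORGED, steady_state(), min_days=7))
    print("new key:       ", evaluate(ROTATED, fresh_rotation(), min_days=7))
    print("split notaries:", evaluate(GENUINE, split_view(), min_days=7))
```

The second case is the DigiNotar-style scenario from the article: the forged certificate chains to a trusted CA, so a plain browser shows no warning, but every notary still sees the genuine key and the client flags it. The third case shows the cost of the duration rule: a legitimate key rotation looks new to everyone and is reported as insufficient rather than trusted, which is why real deployments prompt the user instead of hard-failing.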

Unfortunately, the Perspectives Project was more of an academic effort. The good news is that a newer project, Convergence.io, builds on the same idea with the aim of taking it into wider use.

I would urge you to install it and get yourself involved today. Projects like this only go toward making the net more neutral.


Ronald Chan (ronaldslc on Twitter)