Crypto certificates impersonating Google and Yahoo pose threat to Windows users | Ars Technica: "A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India's Controller of Certifying Authorities (CCA)."

My personal opinion is that many of the so-called trusted technologies that are in use on the internet have never really been properly audited or stress-tested. It's only as the malware networks reap their rewards that anyone is paying any real attention to exploits. Software is complex and hard to debug and it gets much worse when you consider a heterogenous system such as the global internet. On the plus side, a truly heterogenous system based on standards says that someone is going to emerge as a clear leader in this area.

I personally think the monolithic bloatware OS is going to be superseded in the coming years by something very minimalistic. Maybe a hypervisor. Something so small it can be completely tested and debugged.

This mad race to add OS features isn't really serving anyone. Except the marketers. In other words, people who don't have any vested long-term interest in the integrity of a user's experience. Just as long as the gloss is still the most prevalent consideration.

Oh, wait. Icon gloss has been deprecated for flat minimalistic design. By design I mean fashion fad.

Labels: certificate trust chain, security, self-signed certificates