Gogo Inflight Internet Serves Up 'Man-in-the-Middle' with Fake SSL (CIO and CSO Online)
From CIO.com : Read the entire article HERE
When a third party inserts itself between a user and a destination website and uses fake SSL certificates in an attempt to cover it up, it's usually known as a "man-in-the-middle" attack, and offers an opportunity for outsiders to eavesdrop on conversations and steal credentials.
Four days ago, Google Chrome security engineer Adrienne Porter Felt was on an flight where she was using Gogo's in-flight Internet -- and discovered that Gogo was issuing fake Google certificates....
According to Francis Turner, VP of Research at Carlsbad, CA-based ThreatSTOP Inc., Gogo's approach also has usability consequences.
A user who is, say, visiting one of the sites that Gogo set up the proxy for would set off browser alarms because there is no way to distinguish between Gogo's fake certificate and a malicious one.
Chrome, for example, detects that the certificate is invalid and makes it hard to continue to the site, said Turner.
Read the rest of the article at CSO Online