Heads up, SSL appears to be completely cracked!

http://arstechnica.com/tech-policy/n...overnments.ars



A collection of documents recently published by Wikileaks casts a light on surveillance vendors who sell intrusive monitoring technology to governments and law enforcement agencies. This growing industry—which serves countries around the world—offers the ability to monitor entire populations and circumvent the privacy and security safeguards built into conventional consumer technology.

In our report last week, we highlighted DigiTask, a German company that sells malware for law enforcement investigations. The company's marketing materials says that its software, which is deployed through zero day exploits, can intercept encryption keys to provide law enforcement agents with access to encrypted communications. DigiTask is just one of the many vendors who produce such software. In this article, we will give you a brief look at some of the marketing material that was included in the Wikileaks Spy Files.

Paladion

Paladion, which describes itself as "the fastest growing information security company" in Asia, sells monitoring and filtering tools to corporations, law enforcement agencies, and governments.

One of the Paladion products is an "SSL Interception and Decryption System" that is designed to snoop on encrypted communications. The company's marketing material explicitly advertises it as a tool for executing covert man-in-the-middle attacks against surveillance targets. The brochure also specifically highlights the system's ability to track encrypted banking transactions and GMail communication



(more on link)
I need to pull my pants up now, my Dork is showing!