Significant portion of HTTPS Web connections made by forged certificates

JEDIYoda

Computer scientists have uncovered direct evidence that a small but significant percentage of encrypted Web connections are established using forged digital certificates that aren't authorized by the legitimate site owner.
 

seepy83

In other words, Man-in-the-Middle attacks against TLS/SSL are real, and this is just some more proof of it.

I'll be reading the paper that this article is based off of to see what the real numbers look like. This piece from the Ars article:
"The vast majority of unauthorized credentials were presented to computers running antivirus programs from companies including Bitdefender, Eset, and others. Commercial firewall and network security appliances were the second most common source of forged certificates."
says that almost all of the forged certs they detected were from legit security products. I want to see the numbers to know what percentage were known bad actors.