Dumb question
I've only covered surface level knowledge (Net+ and A+) of IT security so bear with me.
If criminals did steal one or more SSL certificates, they could use them to conduct ???man-in-the-middle??? attacks, tricking users into thinking they were at a legitimate site when in fact their communications were being secretly intercepted. Or they could use them to ???secure???fake websites that seem to be legitimate copies of popular Web services, using the bogus domains to steal information or plant malware.
So does the above pertain to verisign protected sites only? Or all companies? Couldn't we avoid verisign protected sites for a while until they have all of this mess cleared up?
