Proto\u017ee v\u00e1m cht\u011bli podstr\u010dit vlastn\u00ed reklamy.<\/strong><\/p>\nTeorie v pozad\u00ed<\/h3>\n
Teoreticky je tak\u00e9 mo\u017en\u00e9 to cel\u00e9 obej\u00edt. V\u00fdrobci opera\u010dn\u00edch syst\u00e9m\u016f, webov\u00fdch prohl\u00ed\u017ee\u010d\u016f a obecn\u011b softwaru k n\u011bmu p\u0159ikl\u00e1daj\u00ed i seznam d\u016fv\u011bryhodn\u00fdch certifika\u010dn\u00edch autorit. A \u00fato\u010dn\u00edkovi t\u00edm p\u00e1dem sta\u010d\u00ed dostat se do takov\u00e9ho seznamu a m\u016f\u017ee si generovat certifik\u00e1ty s\u00e1m. V kombinaci s podvr\u017een\u00fdmi DNS servery to je opravdu smrteln\u00e1 kombinace. Takov\u00fd \u00fato\u010dn\u00edk v\u00e1s rovnou p\u0159esm\u011bruje sv\u00fdm DNS serverem k sob\u011b > zpracuje v\u00e1\u0161 dotaz > po\u0161le v\u00e1m sv\u016fj d\u016fv\u011bryhodn\u00fd certifik\u00e1t > va\u0161\u00ed zpr\u00e1vu za\u0161ifruje re\u00e1ln\u00fdm certifik\u00e1tem a po\u0161le serveru a pak u\u017e komunikace prob\u00edha stejn\u011b jak jsem popsal v\u00fd\u0161e.<\/p>\n
DigiNotar<\/h3>\n
Pro zaj\u00edmavost, do\u0161lo u\u017e i ke kompromitaci\u00a0 Nizozemsk\u00e9 certifika\u010dn\u00ed autority DigiNotar. N\u011bjak\u00fdm zp\u016fsobem se poda\u0159ilo vygenerovat certifik\u00e1t pro Google a ten se n\u011bjak dostal do \u00cdr\u00e1nu. A d\u00edky tomu se poda\u0159ilo prov\u00e9st man in the middle \u00fatok na obrovsk\u00e9 spoust\u011b u\u017eivatel\u016f. A v\u0161ichni vid\u011bli zelen\u00fd z\u00e1mek s n\u00e1pisem Google a netu\u0161ili, \u017ee se cokoliv d\u011bje. Samoz\u0159ejm\u011b se na to p\u0159i\u0161lo, n\u011bkdo nep\u0159im\u011b\u0159en\u011b paranoidn\u00ed si rozkliknul detaily toho zelen\u00e9ho prou\u017eku a p\u0159i\u0161lo mu divn\u00e9, \u017ee by Googlu podepisovala certifik\u00e1t n\u011bjak\u00e1 firma v Nizozemsku. Napsal to kamsi na f\u00f3rum a cel\u00e9 to prasklo. Jen\u017ee naprost\u00e1 v\u011bt\u0161ina u\u017eivatel\u016f si toho nev\u0161imla. Prost\u011b se p\u0159ihl\u00e1sila do gmailu, v\u0161echno bylo fajn, ale jejich maily si \u010detl n\u011bkdo dal\u0161\u00ed (krom\u011b p\u0159\u00edjemce a googlu samoz\u0159ejm\u011b). Toho \u00fatoku si kupodivu nev\u0161iml ani google, kter\u00fd z\u0159ejm\u011b m\u011bl pozorovat podivn\u00fd n\u00e1r\u016fst provozu z jednoho m\u00edsta. Firma z pochopiteln\u00fdch d\u016fvod\u016f zbankrotovala, pro\u010d by ostatn\u011b n\u011bkdo cht\u011bl certifik\u00e1t od firmy kter\u00e9 nikdo nev\u011b\u0159\u00ed.<\/p>\n
Trocha konspirac\u00ed navrch<\/h3>\n
Obecn\u011b se tak n\u011bjak tu\u0161\u00ed, \u017ee vl\u00e1dy dok\u00e1\u017eou ud\u011blat tot\u00e9\u017e. Jenom\u017ee jsou to vl\u00e1dy, tak\u017ee leg\u00e1ln\u011b. Bu\u010fto m\u016f\u017eou na\u0159\u00eddit certifika\u010dn\u00ed autorit\u011b aby jim vygenerovala a podepsala vlastn\u00ed certifik\u00e1t a nebo je\u0161t\u011b jednodu\u0161eji m\u016f\u017eou od \u0159e\u010den\u00e9 autority dostat (ukr\u00e1st?) priv\u00e1tn\u00ed kl\u00ed\u010de, kter\u00e9 pou\u017e\u00edvaj\u00ed k zamyk\u00e1n\u00ed certifik\u00e1t\u016f a pak si vesele generovat certifik\u00e1ty podle libosti. Pravd\u011bpodobn\u011b to je tak, \u017ee to je mo\u017en\u00e9, ale pou\u017e\u00edv\u00e1 se to jenom pokud nen\u00ed jin\u00e1 mo\u017enost. Proto\u017ee v okam\u017eiku kdy by se to provalilo tak by nechali zbankrotovat velkou spole\u010dnost\/i a odkryli vlastn\u00ed karty.<\/p>\n","protected":false},"excerpt":{"rendered":"
Relativn\u011b b\u011b\u017en\u00fd typ po\u010d\u00edta\u010dov\u00e9ho \u00fatoku s bohatou histori\u00ed, kter\u00fd velmi jednodu\u0161e umo\u017enil prvn\u00ed hacker\u016fm \u0161m\u00edrovat co d\u011bl\u00e1te na internetu.<\/p>\n","protected":false},"author":1,"featured_media":4904,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-4762","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4762"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=4762"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4762\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/4904"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=4762"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=4762"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=4762"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2017\/11\/mim.png\")
<\/a>P\u016fvodn\u00ed n\u00e1vrh \u0159e\u0161en\u00ed<\/h3>\n