Hi. I'm Akshay Rangnekar, and this is my tumblelog. It is mostly random thoughts, links and pictures related to technology, entrepreneurship and strategy. If you have any comments or suggestions, my email is [firstname.lastname at GMail].

A rogue CA? Now that's dangerous.

Well this is a new one for me. Rather than look for a short term phishing attack, I’m now getting spam that is targeting a nice long-term compromise of my machine:

"Beginning March 17, 2009, the Northern Trust Business Passport Center will use a new Certification Authority (CA) to issue end-user certificates. If no one in your organization has a digital certificate, you will need to download your primary digital certificate file. Installation is quick and simple.

Proceed for further information:"

Installing a new Certificate Authority is a great idea for a hostile. Opens up all sorts of attack vectors that would normally be protected by lots of browser warnings. I’m impressed, and a little bit scared.