Using the protocol SSL (Secure Sockets Layer) provides secure communication between Web-server and users. Despite the fact that the protocol allows authentication not only the server and the user, in practice, only one-way authentication is used most often.
To establish SSL-connection requires that the server has a digital certificate used for authentication. The certificate is usually issued and certified by a trusted third party, which act as certification authorities (CAs).
The role of the CA is to verify the authenticity of Web-sites of different companies, allowing users, trusted to one single certification center, to be able to automatically check the authenticity of the sites whose owners have turned to the same CA.
The list of trusted certification authorities are usually stored in the registry of the operating system or browser settings. These lists are attacked by the hackers. Indeed, having given certificate to phishing site and adding fake certifying authority to the trusted CAs, you can, without causing any suspicion among the user successfully carry out an attack.
Of course, this method will require more action from phisher and respectively expenses, but users, unfortunately, often do help in stealing his data, not wishing to understand the intricacies and peculiarities of the use of digital certificates. In the force of habit or incompetence often we push the button “Yes”, not really getting a grasp in the message browser on the absence of trust in the organization that issued the certificate.
By the way, a very similar method uses some of the tools to monitor SSL-traffic. We see the recent increase in cases when the sites infected with Trojans, and themselves Trojans use SSL protocol in order to bypass gateway filtering traffic system.
Integration into the communication between the Web server and the user computer enables such solutions to replace the certificate Web-server to issued, for example, a corporate CA, and with no visible changes for the user to scan the user’s traffic by using SSL.