Hot on the heals of last weeks package loss in transit by Citibank, comes the announcement that 40 MILLION credit card numbers have been leaked by a cracker getting into CardSystems Solutions, a third party processing company of credit cards.

So I must ask once more, why do supposedly open source browser vendors keep spreading FUD that we are such a risk, when clearly 6 weeks running the US banking industry has gotten black eye after black eye with horrifically escalating breaches of private and financial information.

I’ll propose my question again, how can any CA breach be even on par with a major browser security breach. Bugs are patched and people are encouraged to upgrade, and life goes on every day, why are SSL certificates treated in such religious and completely incorrect notions of the real world we live in. Fair enough things may have started out much differently but that isn’t the reality we live in today or for the next 5 years to come.

The short version is SSL started out as a solution looking for a problem, and along came a few commercial CAs thinking they could rake in millions if not billions by doing annual ID checks, in the end they had to settle for protecting link layer security and selling snake oil about what was really being protected, after all the latest example proves time and time again the biggest risk and problem is protecting end points, and NOT the link layer.

So please tell me again why are we such a threat!?