3 Your WWW browser contains a cache of selfsigned root CA ce

3. Your WWW browser contains a cache of self-signed root CA certificates. If a malefactor wants your browser to trust a “black market” WWW server (for example, they might want to perpetrate a phishing attack for the purpose of stealing the login/password for your bank account), what would they need to do to this cache to make that possible?

Solution

Actually these kind of attacks are caused due to human error. Since self-signed CA certficates are not trusted by WWW client. It is the duty of the user to first add it to the trust group. Unless then it won\'t be added as a trusted CA root.

Anyway if the hacker wants to add it as trust CA root, he may do the following

1) Enforce you to add it to your trust CA root by blocking the access to its content

2) He may send you a phishing popup when you unknowingly click it and add it to the trusted root CA

Normally these kind of attacks happen in the following way.

The trust root CA is added as part of the other activity like when you download files from torrent websites/Adult websites/loosely secured shopping websites these certificates are added. This is phase 1.

Since it is added already, now the hacker can enter into your browser cache anytime he may want and infiltrate your cache. This is phase 2.