Certification authorities do not, in general, have the private keys corresponding to the public keys they sign. Some CAs will generate a key for you and claim not to keep the private half once you download it, but any security-conscious site will opt to upload a signing request for their own public key instead.
So, that rules out the possibility of passive spying on HTTPS traffic.
As for active spying, a CA could certainly produce a certificate for a MITM attack, but many modern browsers or browser extensions will rapidly detect that, so doing it on a large scale will fail and be detected. The same goes for most security exploits: a large scale systematic exploit will not pass silently.
MITM or exploits on a small, targeted scale have some chance of working, depending on the target, but if a government-scale entity targets you personally, you're pretty much screwed anyway. HTTPS still effectively protects against a large, systematic, undetected dragnet of traffic.
This is correct. The easiest path for the NSA is simply a FISA court order. The whole cert thing is an interesting academic exercise, but probably completely unnecessary.
Suspecious username for a plant-critique "blabla". If you had read any of the CA posts you'd both know why that is the case, and also how easy it would be to test.
I can give you a private/public key, certificate, the CA (and password for that) and some traffic I've sniffed while interacting with a webserver, using the forementioned key and certificate.
Good luck decrypting the traffic. The only thing you'd be able to succesfully do is pretend that YOUR server is actually mine (and proxy from your server to mine). That's an undetected breach, and an MITM attack.
OPs point is still entirely valid. You got my private key from ME, not the CA, and even then you're unable to decrypt the traffic (past).
Yes, as a native Russian speaker there isn't a single acronym or word that makes sense to me. But maybe those are Yandex's own acronyms. Or maybe they just made some shit up for the journalist.
Btw I remember browsing the web with early versions of Netscape on X console of an i386sx server which at the same time had dozens of irc-and-whatever-doing users. The browsing experience was smoother than now.
Of course there were no flash, js and other pile of technologies. But face the facts, most of these novelties are used today to deliver the content of questionable value in a way which will make it better memes, nothing more.
If you look at it from a distance it's quite stupid use for such advancved technologies. I still believe in an idea that computers are here to free us from a boring repetitive work - to compute things for us. The outcome of it would be that average user spent less time by the computers, enjoying what he likes in a life instead. But today's situation is that the software industry is making users sitting more by the computers, because this industry is all about trading the information, memes and advertisements, luring the users into false comfort zones like social networks, ad target groups via portals and stuff like that.
It's just stupid. Flash loaders are just part of this counter-productive culture. Usually the more CPU they eat the less interesting the content showed afterwards is. It's like that because CPU-eating intro shows something about the state of mind of people who created it (or hired the creators) and most likely such people will not have anything interesting to show as a real content.
