Here is another segment from Dan Kaminsky’s talk at Toorcon 8. You can download the high quality version here. He discovered approximately 1 in 3 deployed SSL boxes share a private key. This means that you can buy a box off of eBay and read encrypted SSL traffic from any identical box. He has also got a trick for making bank logins more secure.
Dan Kaminsky’s SSL Hell
October 30, 2006 By 10 Comments