certificate authority

Black Hat 2009: Breaking SSL with null characters

posted Jul 29th 2009 2:56pm by Eliot Phillips
filed under: cons, downloads hacks, security hacks

Update: The video of [Moxie]’s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.

Read the rest of this entry »

Comments [25]

25C3: Hackers completely break SSL using 200 PS3s

posted Dec 30th 2008 9:40am by Eliot Phillips
filed under: cons, security hacks

ps31

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

Read the rest of this entry »