Black Hat 2009: Breaking SSL with null characters

July 29, 2009 By 25 Comments

Update: The video of [Moxie]‘s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently … Read the rest

Filed Under: cons, downloads hacks, security hacks Tagged With: , , , , , , , , ,

sslstrip, hijacking SSL in network

February 23, 2009 By 21 Comments

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct … Read the rest

Filed Under: cons, downloads hacks, security hacks Tagged With: , , , , , , , , , , ,