Man-in-the-Middle Attacks Against SSL
April 12th, 2010 admin
Says Matt Blaze: A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don’t even do that much. Scary research by Christopher Soghoian and Sid Stamm: Abstract: This paper introduces a new attack, the compelled certificate creation attack, in which government agencies…