Profile

unixronin: Galen the technomage, from Babylon 5: Crusade (Default)
Unixronin

Links

December 2012

S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829
3031     

Navigation

Page Summary

Most Popular Tags

Expand Cut Tags

No cut tags

New SSLstrip attack evades SSL security

unixronin: A somewhat Borg-ish high-tech avatar (Techno/geekdom)
[personal profile] unixronin
Friday, February 20th, 2009 01:20 pm

Q:  You're a smart black-hat.  How do you quickly and easily break into a HTTPS secure connection?

A:  You don't.  You attack the underlying HTTP instead.  It's a softer target.

"People only encounter HTTPS via HTTP, so maybe we can think about starting by attacking HTTP," he said.  "Normally, if we're doing man-in-the-middle attacks against SSL, we go straight for SSL, straight after that connection.  But if SSL depends on this other protocol, why don't we look at that first?"

  • Current Location: Gilford, New Hampshire
Flat | Top-Level Comments Only

ext_85396: (Default)
[identity profile] unixronin.livejournal.com
Friday, February 20th, 2009 07:59 pm (UTC)
Precisely. "On the Internet, nobody knows you're a dog." ...Or a con-man, until it's too late.
Flat | Top-Level Comments Only