Jump to content
prodil89

Certi�ed Lies: Detecting and Defeating Government Interception Attacks Against SSL

By prodil89, in Linkuri

Recommended Posts

prodil89 Newbie

prodil89

Posted
Posted
"This paper introduces the compelled cer-

ticate creation attack, in which government

agencies may compel a certicate authority to

issue false SSL certicates that can be used by

intelligence agencies to covertly intercept and

hijack individuals' secure Web-based commu-

nications. Although we do not have direct ev-

idence that this form of active surveillance is

taking place in the wild, we show how prod-

ucts already on the market are geared and mar-

keted towards this kind of use|suggesting such

attacks may occur in the future, if they are

not already occurring. Finally, we introduce

a lightweight browser add-on that detects and

thwarts such attacks."

[url]http://files.cloudprivacy.net/ssl-mitm.pdf[/url]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...