Thursday, May 27, 2010

Defeating SSL

Defeating SSL via man in the middle attacks, SSL Striping - “Moxie Marlinspike - More Tricks for Defeating SSL”.

16 minutes in – what is a certificate

19 minutes in – what is wrong with the certificate provisioning process today

23 minutes in – null characters in certificate CN – how to get a certificate with someone else’s domain name – SCARY!

30 minutes in – long code will have some bug – this time it is in NSS which is used in Mozilla browsers.

 

Notes:

NSS - http://www.mozilla.org/projects/security/pki/nss/ssl/

No comments: