Security and the Net

News and opinions about security, the internet and more

Entries Tagged ‘ssl’

Attacks against SSL show interesting possibilities

The new attack against websites using SSL encryption presented at Black Hat this week shows some interesting possibilities. To recap, this is the most important part of what SSLstrip does:   SSLstrip manages to fool the user into believing he has an encrypted connection with the intended website through several clever slights on hand. First, [...]

Comments (2)

FUD about “unsafe” SSL certificates

Since the publication of the attack against RapidSSL’s certificate issuing process, numerous stories have been published about how many SSL certificates are suddenly “unsafe”. The best (or worst) example I’ve seen so far is this one at TG Daily. It starts with the following statement:

Leave a Comment

SSL: A chain of trust is only as strong as the weakest link

A presentation at 25C3 today detailed how researchers were able to create their own Certificate Authority that is recognized by all current webbrowsers, allowing them to create valid certificates for any website they like. While it’s presented as an example of why using MD5 hashes is considered harmful, it also serves as a perfect example [...]

Comments (1)