Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security Encryption The Internet

Researchers Find, Analyze Forged SSL Certs In the Wild 86 86

An anonymous reader writes "A group of researchers from Carnegie Mellon University and Facebook has managed to get a concrete sense of just how prevalent SSL man-in-the-middle attacks using forged SSL certificates are in the wild. Led by Lin-Shung Huang, PhD candidate at Carnegie Mellon University and, during the research, an intern with the Facebook Product Security team, they have created a new method (PDF) for websites to detect these attacks on a large scale: a widely-supported Flash Player plugin was made to enable socket functionalities not natively present in current browsers, so that it could implement a distinct, partial SSL handshake to capture forged certificates."
This discussion has been archived. No new comments can be posted.

Researchers Find, Analyze Forged SSL Certs In the Wild

Comments Filter:
  • by Anonymous Coward on Tuesday May 13, 2014 @09:58AM (#46988973)

    Many businesses implement a man in the middle server that allows them to REGEXP the HTTPS searches and connections. Generally its a proxy out with a requirement to accept the certificate which is then applied to your local to the proxy connection, but remotely your handing the company the keys to any accounts/connections used across the board.

    There is a thought of trust your admin not to log your password/financial data etc... Its all quite bizarre but someone thought it was a good idea, or didn't understand the fully risk of the implementation.

    Just business doing what business does when its unbridled and government rules are written by that same business.

  • by moof1138 (215921) on Tuesday May 13, 2014 @10:26AM (#46989217)

    It's very common for research universities to take students from around the globe. This isn't unique to the US, either. For example, here's some Oxford's PhD students in CS:

    http://www.cs.ox.ac.uk/people/... [ox.ac.uk]

    It's a very positive thing, actually. Provincialism doesn't improve research.

Never try to teach a pig to sing. It wastes your time and annoys the pig. -- Lazarus Long, "Time Enough for Love"

Working...