
Researchers Find, Analyze Forged SSL Certs In the Wild

An anonymous reader writes "A group of researchers from Carnegie Mellon University and Facebook has managed to get a concrete sense of just how prevalent SSL man-in-the-middle attacks using forged SSL certificates are in the wild. Led by Lin-Shung Huang, PhD candidate at Carnegie Mellon University and, during the research, an intern with the Facebook Product Security team, they have created a new method (PDF) for websites to detect these attacks on a large scale: a widely-supported Flash Player plugin was made to enable socket functionalities not natively present in current browsers, so that it could implement a distinct, partial SSL handshake to capture forged certificates."
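The certificate-capture step in the summary comes down to reading the server's Certificate message out of the handshake bytes and comparing the leaf against what the site really deployed. The following is an added example, not the researchers' code: it assumes TLS 1.2 or earlier (where the certificate chain is sent unencrypted) and a site-side set of known SHA-256 fingerprints, and every function name and sample byte string in it is constructed for illustration.

```python
import hashlib
import struct

HANDSHAKE_RECORD, SERVER_HELLO, CERTIFICATE = 22, 2, 11

def server_certs(stream):
    """Return the DER certificates in the first Certificate message (TLS 1.2 and earlier)."""
    hs, off = b"", 0
    while off + 5 <= len(stream):                  # reassemble handshake records
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            raise ValueError("truncated TLS record")
        if ctype == HANDSHAKE_RECORD:
            hs += stream[off + 5:off + 5 + length]
        off += 5 + length
    off = 0
    while off + 4 <= len(hs):                      # walk handshake messages
        mtype, mlen = hs[off], int.from_bytes(hs[off + 1:off + 4], "big")
        body = hs[off + 4:off + 4 + mlen]
        if len(body) < mlen:
            raise ValueError("truncated handshake message")
        if mtype == CERTIFICATE:
            certs, pos = [], 3                     # skip the 3-byte list length
            while pos + 3 <= len(body):
                clen = int.from_bytes(body[pos:pos + 3], "big")
                certs.append(body[pos + 3:pos + 3 + clen])
                pos += 3 + clen
            return certs
        off += 4 + mlen
    return []

def is_forged(stream, pinned_sha256):
    """True when the leaf certificate's SHA-256 is not one the site itself deployed."""
    certs = server_certs(stream)
    if not certs:
        raise ValueError("no Certificate message seen")
    return hashlib.sha256(certs[0]).hexdigest() not in pinned_sha256

# Constructed sample data: placeholder byte strings stand in for DER certificates.
def msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def build_flight(chain):
    certs = b"".join(len(c).to_bytes(3, "big") + c for c in chain)
    hs = msg(SERVER_HELLO, b"\x00" * 38) + msg(CERTIFICATE, len(certs).to_bytes(3, "big") + certs)
    parts = (hs[:20], hs[20:])                     # two records, to exercise reassembly
    return b"".join(struct.pack("!BHH", HANDSHAKE_RECORD, 0x0303, len(p)) + p for p in parts)

GENUINE_LEAF, PROXY_LEAF, CA = b"constructed-genuine-leaf", b"constructed-proxy-leaf", b"constructed-ca"
PINNED = {hashlib.sha256(GENUINE_LEAF).hexdigest()}
```

A fingerprint mismatch only says the client saw a different certificate than the site serves; the chain still has to be inspected to tell a corporate proxy or antivirus product from anything else.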
  • by Anonymous Coward on Tuesday May 13, 2014 @10:11AM (#46989081)

    You idiots, this guy is presenting about a much larger concern of the overall insecurity of this stupid trust model we call SSL CA Cert and all you morons talk about is how much flash sucks. You guys are fuckin nuts for brains man...

  • by 1s44c ( 552956 ) on Tuesday May 13, 2014 @10:23AM (#46989169)

    Flash is evil and should be destroyed, I agree. But this story is about how researchers did something cool with Flash to detect forged SSL certs.

    In this one case Flash isn't the security issue, it's the useful software helping to find the security issue.
