View Single Post
  #1   (View Single Post)  
Old 12th April 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default How is SSL hopelessly broken? Let us count the ways

From http://www.theregister.co.uk/2011/04..._ssl_analysis/

Quote:
Analysis Every year or so, a crisis or three exposes deep fractures in the system that's supposed to serve as the internet's foundation of trust. In 2008, it was the devastating weakness in SSL, or secure sockets layer, certificates issued by a subsidiary of VeriSign. The following year, it was the minting of a PayPal credential that continued to fool Internet Explorer, Chrome and Safari browsers more than two months after the underlying weakness was exposed.

And in 2010, it was the mystery of a root certificate included in Mac OS X and Mozilla software that went unsolved for four days until RSA Security finally acknowledged it fathered the orphan credential.

This year, it was last month's revelation that unknown hackers broke into the servers of a reseller of Comodo, one of the world's most widely used certificate authorities, and forged documents for Google Mail and other sensitive websites. It took two, seven and eight days for the counterfeits to be blacklisted by Google Chrome, Mozilla Firefox and IE respectively, meaning users of those browsers were vulnerable to unauthorized monitoring of some of their most intimate web conversations during that time.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote