[nycbug-talk] DC21, SSL all over the place...

Isaac (.ike) Levy ike at blackskyresearch.net
Thu Aug 1 13:44:27 EDT 2013


Hi All,

Just a quick note, some interesting SSL stuff from Defcon, (happening now):

Nifty SSL nastiness (http deflate to find fragments of strings in https):
http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/

Not Defcon, but related:
"More Encryption Is Not the Solution", PHK, describes some novel 
attacks for cloud/carriers to trivially demolish ssl.
http://queue.acm.org/detail.cfm?id=2508864

Pretty interesting reactions to the "encrypt everything" push for the 
interenet in the last few years...

--
Does anyone have any other thoughts, urls, etc... on the "encrypt 
everything" topic?

What ever happened to the CACert stuff people did years ago, and what's 
the state of viability of similar projects?

Rocket-
.ike





More information about the talk mailing list