[nycbug-talk] DC21, SSL all over the place...
Charles Sprickman
spork at bway.net
Sat Aug 3 20:10:38 EDT 2013
On Aug 1, 2013, at 1:44 PM, Isaac (.ike) Levy wrote:
> Hi All,
>
> Just a quick note, some interesting SSL stuff from Defcon (happening now):
>
> Nifty SSL nastiness (http deflate to find fragments of strings in https):
> http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/
>
Well, that might be scary, but this could really scare the crap out of you:
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt
Sorry. I had to share that. I think it marks some kind of sea-change that I couldn't even fathom 20 years ago.
Charles
> Not Defcon, but related:
> "More Encryption Is Not the Solution", PHK, describes some novel attacks for cloud/carriers to trivially demolish ssl.
> http://queue.acm.org/detail.cfm?id=2508864
>
> Pretty interesting reactions to the "encrypt everything" push for the internet in the last few years...
>
> --
> Does anyone have any other thoughts, urls, etc... on the "encrypt everything" topic?
>
> What ever happened to the CACert stuff people did years ago, and what's the state of viability of similar projects?
>
> Rocket-
> .ike
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk