[nycbug-talk] DC21, SSL all over the place...
Isaac (.ike) Levy
ike at blackskyresearch.net
Thu Aug 1 13:44:27 EDT 2013
Hi All,
Just a quick note, some interesting SSL stuff from Defcon, (happening now):
Nifty SSL nastiness (http deflate to find fragments of strings in https):
http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/
Not Defcon, but related:
"More Encryption Is Not the Solution", PHK, describes some novel
attacks for cloud/carriers to trivially demolish ssl.
http://queue.acm.org/detail.cfm?id=2508864
Pretty interesting reactions to the "encrypt everything" push for the
interenet in the last few years...
--
Does anyone have any other thoughts, urls, etc... on the "encrypt
everything" topic?
What ever happened to the CACert stuff people did years ago, and what's
the state of viability of similar projects?
Rocket-
.ike
More information about the talk
mailing list