[nycbug-talk] DC21, SSL all over the place...

Charles Sprickman spork at bway.net
Sat Aug 3 20:10:38 EDT 2013

On Aug 1, 2013, at 1:44 PM, Isaac (.ike) Levy wrote:

> Hi All,
> Just a quick note, some interesting SSL stuff from Defcon, (happening now):
> Nifty SSL nastiness (http deflate to find fragments of strings in https):
> http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/

Well, that might be scary, but this could really scare the crap out of you:


Sorry.  I had to share that.  I think it marks some kind of sea-change that I couldn't even fathom 20 years ago.


> Not Defcon, but related:
> "More Encryption Is Not the Solution", PHK, describes some novel attacks for cloud/carriers to trivially demolish ssl.
> http://queue.acm.org/detail.cfm?id=2508864
> Pretty interesting reactions to the "encrypt everything" push for the interenet in the last few years...
> --
> Does anyone have any other thoughts, urls, etc... on the "encrypt everything" topic?
> What ever happened to the CACert stuff people did years ago, and what's the state of viability of similar projects?
> Rocket-
> .ike
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk

More information about the talk mailing list