SSL is not enough any more

Apparently, SSL for our website connections is not enough any more.

Guys from the Chaos Computer Club (CCC on wikipedia, here their rocket at the What the Hack 2005 I attended) managed to create a rogue certificate authority, using it to issue valid ssl ceritificates for every website they wanted.

So what they did actually? They found a way, using the CPU horsepower of 200 PS3s, to create a "man in the middle attack" tecnique using SSL certificates, breaking the SSL core.

Below a flow chart to better understand how everything could be used against you. :)

orangeek Wednesday 31 December 2008 at 5:43 pm | | tech
Used tags: , , , , , ,

No comments

Emoticons
I'm sorry but the spammers out there are too many
(register/login)
Remember personal info?
Notify
Hide email
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.
| Home |