Wednesday, March 24, 2010

Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

http://files.cloudprivacy.net/ssl-mitm.pdf

This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.

---------------------------------

The paper was authored by Christopher Soghoian & Sid Stamm.

Christopher Soghoian is a Ph.D. Candidate in the School of Informatics and Computing at Indiana University.

Sid Stamm is the Securinator @ Mozilla - at least according to his LinkedIn =)
