http://files.cloudprivacy.net/ssl-mitm.pdf
This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.
---------------------------------
Paper was authored by Christopher Soghoian & Sid Stamm.
Christopher Soghoian is a Ph.D. Candidate in the School of Informatics and Computing at Indiana University.
Sid Stamm is the Securinator @ Mozilla - at least according to his Linkedin =)
No comments:
Post a Comment