On 09/17/2011 06:37 PM, Marsh Ray wrote:
It's not entirely clear that a trusted CA cert is being used in this attack, however the article comes to the conclusion that HTTPS application data is being decrypted so it's the most plausible assumption.
Why is it the most plausible assumption? Isn't it far easier to replace the cryptographic libraries on PCs with one that has a "wrapper" that copies all payloads before encryption and after decryption, and transmits the payload to the snooper? Why go through the hassle of breaking a cipher when all you have to do is replace a few files on the target's PC to get what you want? Arshad Noor StrongAuth, Inc. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography