Ralph Holz <[email protected]> writes:
>I am wondering if we can't get our hands on such a router and do a proof-of-
>concept. Anyone in?
In terms of warkitting routers, they're pretty much all vulnerable [0], so all
you'd need to do after that is exploit the "CA" certs. OTOH if you can warkit
a router you can also drop sslstrip on it, and at that point it's game over
for the user whether you have a CA cert or not.
Peter.
[0] "All" meaning that every brand that researchers could get their hands on
proved vulnerable.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography