Marsh Ray wrote:
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website.
On 2011-09-19 2:48 PM, Arshad Noor wrote:
Would you care to explain this in more detail, Marsh?
Please feel free to frame your explanation as if you were
On 09/18/2011 11:48 PM, Arshad Noor wrote:
On 09/18/2011 01:12 PM, Marsh Ray wrote:
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website.
Would you care to explain this in more detail, Marsh?
Please feel free to frame your
Hi,
http://www.meleeisland.de/issuer_ca_on_eff.csv
Oh, now it makes sense, those are mostly router certs (and various other certs
from vendors who create broken certs like the Plesk ones). You won't just
Hm. I agree that many are router certs, certainly those with brand names
of networking
On Sun, Sep 18, 2011 at 2:01 PM, James A. Donald jam...@echeque.com wrote:
SSL fails at low security stuff in that it allows phishing,
snark
You know what else fails at fighting phishing?
- The locks on my car door
- The fence surrounding my house
- The full disk encryption on my laptop
On 09/19/2011 10:53 AM, Andy Steingruebl wrote:
You know what else fails at fighting phishing?
- The locks on my car door
Hmmm, what would a phishing attack on your car door locks look like?
Perhaps someone could replace your car one night with a very
similar-looking one, then when you're
Ralph Holz h...@net.in.tum.de writes:
I am wondering if we can't get our hands on such a router and do a proof-of-
concept. Anyone in?
In terms of warkitting routers, they're pretty much all vulnerable [0], so all
you'd need to do after that is exploit the CA certs. OTOH if you can warkit
a
James A. Donald jam...@echeque.com writes:
The peers who do the peer reviewing for IDtrust, are not peers at all, but
high priests who review for doctrinal conformity to the consensus of the
most holy synod,
I know you meant that tongue-in-cheek, but in some cases it's frighteningly
close
From: Peter Gutmann pgut...@cs.auckland.ac.nz
To: cryptography@randombit.net
Sent: Monday, September 19, 2011 2:32:21 PM
Subject: Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Ralph Holz h...@net.in.tum.de writes:
In terms of warkitting
On Mon, Sep 19, 2011 at 12:42 PM, Marsh Ray ma...@extendedsubset.com wrote:
IMHO, as far as crypto protocols go the TLS protocol itself is pretty solid
as long as the endpoints restrict themselves to negotiating the right
options.
On that note, there's a little more info coming out on the
Randall Webmail rv...@insightbb.com writes:
Does this warkitting require physical access to the router?
No, it's all remotely done.
(This is why I have two different routers from different vendors between me
and the public internet, and have had this setup for about a decade now).
Peter.
On 2011-09-20 6:48 AM, James A. Donald wrote:
On 2011-09-20 5:16 AM, Nico Williams wrote:
As for out-of-band phishing, well, that's the hardest to protect
against for the simple reason that some phishing e-mail is always
bound to get through and prey on the elderly and naive. I'm not sure
what
Good day,
We have just uploaded the following data sets we mention in our IMC paper.
Certificates found different between location China-1 and TUM, Apr 2011
Certificates found different between location China-2 and TUM, Apr 2011
Certificates found different between location Moscow and TUM, Apr
On 09/18/2011 05:11 PM, Marsh Ray wrote:
B. If your threat model considers as an adversary government A, then
you're in good company with governments B through Z. So all the comments
on won't save you from The Government, while true, are also
potentially writing off your biggest ally.
Unless,
On 2011-09-20 8:46 AM, Nico Williams wrote:
Of course. We need trusted UI paths. That's a hard problem. We know
users dislike SAS (secure attention sequences). We know people want
full-screen apps. These constraints make it almost impossible, if not
impossible to get any sort of trusted UI
On Mon, Sep 19, 2011 at 02:57:21PM -0400, Kevin W. Wall wrote:
So does anyone know anymore details on this? Specifically is it an
implementation flaw or a design flaw?
Duong Rizzo's previous work relied on padding oracle attacks whereas
this one is categorized as a chosen-plaintext attack,
On Tue, Sep 20, 2011 at 12:42 AM, James A. Donald jam...@echeque.com wrote:
On 2011-09-20 8:46 AM, Nico Williams wrote:
Of course. We need trusted UI paths. That's a hard problem. We know
users dislike SAS (secure attention sequences). We know people want
full-screen apps. These