Category: Linux — sokdbot @ 5:40 pm — Comments (1)

Hacker groups have reported that man-in-the-middle attacks can be used to strip away the benefits of SSL security when transacting online. However, the inventor of SSL says these are a browser problem and, more so, that they're not so black and white.

1 person has left a comment

#1

It’s no doubt a browser issue, since users come to SSL by either clicking on a link or getting redirected; both of those spots are highly vulnerable to attack.

So there you have the “fake page” loaded up, misleading the user to think they’re on a legitimate, secure page, when in fact they are not. It does nothing to directly compromise the encryption, and it’s based entirely around user error.

The fix: educate users to recognize phishing, scam sites, etc., and on the other side employ more robust encryption via EV SSL, where it’s near impossible to recreate a Man-in-the-Middle attack (spoofing the green URL bar or extended validation credentials).

LennyM wrote on May 26, 2009 - 9:58 am