Another SSL Attack


A short time ago I mentioned the vulnerability in certificates that are signed with MD5. Well I have just finished watching the presentation from Blackhat DC 2009 that details a different attack on SSL. Its a very simple attack and the take away here is that you don’t have to defeat SSL to defeat SSL!

Check the presentation over at Be sure to make sure you watch the video, not just read the slides, it makes a lot more sense with the audio. Official video link here

Edit: There is a five minute chat with the presenter on you tube here


comments powered by Disqus