Moxie Marlinspike

Secure Sockets Layer (SSL) and the Internet certification authorities are flawed, said international white hat hacker and security researcher Moxie Marlinspike.

Pointing to last year’s Comodo hacks, Marlinspike argued that they were not a sophisticated attack at all, but rather the result of a weakness in the SSL certificates.

He pointed out that SSL was designed in the early 1990s, when the issue of authentication was not considered as important as secrecy and integrity.

“At the time, man-in-the-middle attacks were entirely theoretical,” he said. “Now, authenticity is the issue causing the real problems. With interception, is compromised.”

Marlinspike also noted that it is now far too easy to get an SSL certificate. He highlighted work on his Convergence SSL authentication system, which, among other benefits, allows the user to ask a series of trusted notaries to authenticate an SSL certificate.

Convergence, among its other benefits, allows for multiplicity and agility, he said.
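A simplified model of the notary check described above, added here as an illustration and not taken from the article or from the Convergence project. The notary names, the quorum rule, the three-way verdict and the byte strings standing in for certificates are all assumptions; multiplicity appears as several independent views, agility as a trusted set the user can change.

```python
import hashlib
from typing import Dict, Optional, Set

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def notary_verdict(seen_cert: bytes,
                   notary_views: Dict[str, Optional[str]],
                   trusted: Set[str],
                   quorum: int) -> str:
    """Compare the certificate the client received with what notaries saw.

    notary_views maps a notary name to the fingerprint that notary observed
    for the same host, or None if the notary did not answer.
    Only notaries in `trusted` (the user's own choice) are counted.
    Returns "accept", "reject" or "inconclusive"; callers should treat
    anything other than "accept" as untrusted (fail closed).
    """
    seen = fingerprint(seen_cert)
    agree = disagree = 0
    for name in trusted:
        view = notary_views.get(name)
        if view is None:          # unreachable or unknown notary: no vote
            continue
        if view == seen:
            agree += 1
        else:
            disagree += 1
    if agree >= quorum:
        return "accept"
    if disagree > 0:              # someone saw a different certificate
        return "reject"
    return "inconclusive"         # too few answers to decide

# Constructed sample data: placeholders, not real certificates or notaries.
GENUINE = b"constructed-genuine-certificate"
SUBSTITUTED = b"constructed-certificate-from-an-interceptor"
VIEWS = {
    "notary-a": fingerprint(GENUINE),
    "notary-b": fingerprint(GENUINE),
    "notary-c": None,             # did not answer
}
ALL_NOTARIES = {"notary-a", "notary-b", "notary-c"}

if __name__ == "__main__":
    print(notary_verdict(GENUINE, VIEWS, ALL_NOTARIES, quorum=2))
    print(notary_verdict(SUBSTITUTED, VIEWS, ALL_NOTARIES, quorum=2))
    # The user stops trusting notary-b: one answer is no longer enough.
    print(notary_verdict(GENUINE, VIEWS, {"notary-a", "notary-c"}, quorum=2))
```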