Wednesday, December 31, 2008

MD5 considered harmful... Update

Some updates after closer reading of the research material:


First: This is somewhat more dangerous than I first thought, because a bogus certificate that appears to be signed by a valid CA will be happily accepted by browsers regardless of which CA signed the certificate the legitimate server actually uses.


Say John usually accesses his bank, Big Mutual Bank, at bigmu.com. John receives a phishing email that takes him to bigmu.net instead. The name is similar, and heck, he even sees the little lock icon, telling him he's got a good SSL connection, so the certificate is good, right? Wrong. The certificate is bogus, signed by a fake intermediate CA that appears to be signed by a valid CA, but it's not the same CA that bigmu.com normally uses. That doesn't matter, because the browser doesn't know or care who bigmu.com's CA usually is; it only checks that the chain leads to some root in its trust store. (And even if it did remember, bigmu.com isn't bigmu.net, so it wouldn't associate them anyway.) All it cares about is a certificate chain that validates and a good SSL connection, and it lights up the lock icon, making the user feel happy and shiny.

Second: I didn't really talk enough about the resources required to craft the bogus certs. This has only been tested with one CA, which not only signs with MD5 but also uses sequential serial numbers and a predictable validity period for its certs. That predictability is essential: the colliding certificate has to be computed in advance against the exact bytes the CA will sign, so the serial number and validity period must be guessed before the request is submitted. It took the researchers several attempts over the space of four weekends to get a cert with the serial number and validity period they had predicted. The various attempts cost over $650 in payments to the CA. Of course, once they've got the CA's signature on that precious intermediate CA cert, they can sign all they want for whoever they want...
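The two points above suggest a check a client or a certificate-audit script can run today: walk every certificate in a chain (everything except the root you already trust) and refuse any whose signature algorithm is MD5-based, and while you are at it confirm that the algorithm named inside the signed tbsCertificate matches the one in the outer signatureAlgorithm field, since a mismatch means the two were not produced together. The following is an added example, not code from the original post or from the researchers; it is a minimal DER walker written from the X.509 structure in RFC 5280, and the certificates it parses in the test are constructed toys (a fake serial, a fake signature) that carry only the fields the check needs. Real DER certificates have the same outer layout, so the same walker works on them.

```python
"""Flag MD5-signed (and other weak) X.509 certificates in a DER chain.

Added example: a tiny DER reader that pulls the signature algorithm OID out
of a certificate and compares the outer signatureAlgorithm with the
signature field inside tbsCertificate (RFC 5280 says they must be equal).
"""
import sys

# OIDs of signature algorithms a chain should not rely on. sha1WithRSA is
# listed as well because it is on the same path MD5 already walked down.
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content bytes into dotted form."""
    parts = [str(raw[0] // 40), str(raw[0] % 40)]
    value = 0
    for b in raw[1:]:                       # base-128, high bit set on all but the last byte
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(value))
            value = 0
    return ".".join(parts)


def algorithm_oid(buf, pos):
    """pos points at an AlgorithmIdentifier SEQUENCE; return its algorithm OID."""
    tag, start, _ = read_tlv(buf, pos)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    oid_tag, oid_start, oid_end = read_tlv(buf, start)
    if oid_tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(buf[oid_start:oid_end])


def signature_algorithms(cert_der):
    """Return (outer signatureAlgorithm OID, tbsCertificate.signature OID)."""
    _, cert_start, _ = read_tlv(cert_der, 0)                 # Certificate ::= SEQUENCE
    _, tbs_start, tbs_end = read_tlv(cert_der, cert_start)   # tbsCertificate SEQUENCE
    outer = algorithm_oid(cert_der, tbs_end)                 # signatureAlgorithm follows the TBS
    pos = tbs_start
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                                          # optional [0] EXPLICIT version
        pos = end
    _, _, serial_end = read_tlv(cert_der, pos)               # serialNumber INTEGER
    inner = algorithm_oid(cert_der, serial_end)              # signature AlgorithmIdentifier
    return outer, inner


def check_certificate(cert_der):
    """Return a list of human-readable findings; an empty list means no complaint."""
    outer, inner = signature_algorithms(cert_der)
    findings = []
    if outer in WEAK_SIGNATURE_OIDS:
        findings.append(f"weak signature algorithm: {WEAK_SIGNATURE_OIDS[outer]} ({outer})")
    if outer != inner:
        findings.append(f"algorithm mismatch: tbsCertificate.signature={inner}, "
                        f"signatureAlgorithm={outer}")
    return findings


# --- helpers to build constructed toy certificates for the demonstration ---
def der(tag, content):
    """Encode one DER element with a short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def encode_oid(dotted):
    """Inverse of decode_oid."""
    parts = [int(p) for p in dotted.split(".")]
    out = bytes([parts[0] * 40 + parts[1]])
    for v in parts[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        out += bytes(reversed(chunk))
    return out


def toy_certificate(sig_oid, tbs_sig_oid=None):
    """Constructed stand-in for a certificate: only the fields the check reads are real."""
    tbs_sig_oid = tbs_sig_oid or sig_oid
    alg = lambda oid: der(0x30, der(0x06, encode_oid(oid)) + der(0x05, b""))
    version = der(0xA0, der(0x02, b"\x02"))        # v3
    serial = der(0x02, b"\x01\x00")                 # constructed serial number
    tbs = der(0x30, version + serial + alg(tbs_sig_oid))
    signature = der(0x03, b"\x00" + b"\xAA" * 16)   # BIT STRING holding a fake signature
    return der(0x30, tbs + alg(sig_oid) + signature)


if __name__ == "__main__":
    # Usage: python check_md5_chain.py cert1.der [cert2.der ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            for finding in check_certificate(f.read()) or ["ok"]:
                print(f"{path}: {finding}")
```

Run it over each certificate in a server's chain except the trusted root: the attack described above puts the MD5 signature on the rogue intermediate, so a check that looks only at the leaf would pass the bogus chain. The root's own self-signature never matters, since trust in the root comes from the store, not from its signature.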
