Slashdot Mirror


Researchers Find, Analyze Forged SSL Certs In the Wild

An anonymous reader writes "A group of researchers from Carnegie Mellon University and Facebook has managed to get a concrete sense of just how prevalent SSL man-in-the-middle attacks using forged SSL certificates are in the wild. Led by Lin-Shung Huang, PhD candidate at Carnegie Mellon University and, during the research, an intern with the Facebook Product Security team, they have created a new method (PDF) for websites to detect these attacks on a large scale: a widely-supported Flash Player plugin was made to enable socket functionalities not natively present in current browsers, so that it could implement a distinct, partial SSL handshake to capture forged certificates."
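The comparison step of such a measurement, as an added example that is not part of the original post or the researchers' code: it pulls the certificate chain out of the server's handshake bytes (TLS 1.2 and earlier layout) and checks the leaf fingerprint against the ones the site really serves. `SAMPLE_FLIGHT`, its stand-in "certificates" and all function names are assumptions constructed for illustration.

```python
import hashlib
import struct

HANDSHAKE, CERTIFICATE = 22, 11  # TLS record content type / handshake message type
# Constructed sample: one record with a shortened ServerHello and a Certificate
# message whose two "certificates" are the stand-in byte strings b"LEAF" and b"CA".
SAMPLE_FLIGHT = bytes.fromhex(
    "1603030019" "020000020303" "0b00000f00000c" "0000044c454146" "0000024341")

def u24(buf, off):
    return int.from_bytes(buf[off:off + 3], "big")

def handshake_stream(raw):  # join handshake record payloads (messages may span records)
    out, off = bytearray(), 0
    while off + 5 <= len(raw):
        ctype, _version, length = struct.unpack_from("!BHH", raw, off)
        if ctype != HANDSHAKE or off + 5 + length > len(raw):
            break  # other content type or incomplete record: stop here
        out += raw[off + 5:off + 5 + length]
        off += 5 + length
    return bytes(out)

def extract_chain(raw):
    """Return the certificates carried in the Certificate message, leaf first."""
    hs, off = handshake_stream(raw), 0
    while off + 4 <= len(hs):
        mtype, mlen = hs[off], u24(hs, off + 1)
        body = hs[off + 4:off + 4 + mlen]
        if len(body) != mlen:
            raise ValueError("truncated handshake message")
        if mtype == CERTIFICATE:
            if mlen < 3 or u24(body, 0) != mlen - 3:
                raise ValueError("bad certificate_list length")
            certs, pos = [], 3
            while pos < mlen:
                clen = u24(body, pos)
                if pos + 3 + clen > mlen:
                    raise ValueError("bad certificate length")
                certs.append(body[pos + 3:pos + 3 + clen])
                pos += 3 + clen
            return certs
        off += 4 + mlen  # skip ServerHello and any other message
    return []

def classify(raw, known_leaf_sha256):
    """Compare the observed leaf with the fingerprints the site actually deploys."""
    chain = extract_chain(raw)
    if not chain:
        return "no-certificate", None
    fp = hashlib.sha256(chain[0]).hexdigest()
    return ("match" if fp in known_leaf_sha256 else "mismatch"), fp
```

A "mismatch" only says the client saw a different leaf than the site serves; the chain returned by `extract_chain` is what would be kept for analysis of who issued it.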

3 of 86 comments

  1. More secure browsing... by Anonymous Coward · Score: 3, Funny

    brought to you by the Adobe Flash plugin!

  2. Re:Flash? I removed Flash to avoid problems! by oodaloop · Score: 2, Funny

    Why would you remove the savior of the universe?

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  3. Re:Flash? I removed Flash to avoid problems! by CronoCloud · Score: 1, Funny

    "What do you mean Flash Object approaching? Open Fire, All Weapons. Send out HTML5 Ajax to bring back its body."