Slashdot Mirror


Researchers Find, Analyze Forged SSL Certs In the Wild

An anonymous reader writes "A group of researchers from Carnegie Mellon University and Facebook has managed to get a concrete sense of just how prevalent SSL man-in-the-middle attacks using forged SSL certificates are in the wild. Led by Lin-Shung Huang, PhD candidate at Carnegie Mellon University and, during the research, an intern with the Facebook Product Security team, they have created a new method (PDF) for websites to detect these attacks on a large scale: a widely-supported Flash Player plugin was made to enable socket functionalities not natively present in current browsers, so that it could implement a distinct, partial SSL handshake to capture forged certificates."

1 of 86 comments

  1. Re:Another foreign PhD at an American University by moof1138 · Score: 3, Informative

    It's very common for research universities to take students from around the globe. This isn't unique to the US, either. For example, here are some of Oxford's PhD students in CS:

    http://www.cs.ox.ac.uk/people/...

    It's a very positive thing, actually. Provincialism doesn't improve research.

    --

    Hyperbole is the worst thing ever.