Flutterby™! : Dark Side


Dark Side

2015-09-27 15:40:47.956221+00 by meuon 1 comments

I'm doing some legitimate research to prepare for a couple of upcoming presentations. And I've scared myself as I understand how easy some of the "theoretical" hacks out there are and how well they work. What did I do that was so scary? Trust a certificate authority that I created and then play with something that can create fake, while proxying real sites with that fake CA signed cert to the target system. I quickly caught and recovered credentials to an HTTPS basic auth site, as well as Twitter and Facebook (cookie/session auth, but captured original login/password). My local web browser: No warnings once I trusted and installed the CA root cert.

What I realize now, beyond bench racing / theory, is how important, in the current design of the net, trusted CAs are. I really don't think they deserve the trust we have given them.

We need a better end to end mechanism.

For reference, my home playground is: OpenWRT with "Karma", and a Linux system with mitmproxy...

[ related topics: security Work, productivity and environment ]
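An added example, not part of the original post or its author's setup: since the browser accepts any leaf certificate that chains to a trusted root, a client can additionally compare the server's public key against a pin it recorded earlier. The Python below computes a SubjectPublicKeyInfo SHA-256 pin from DER and runs it on constructed, simplified certificates; `spki_pin`, `make_cert`, the CA names and the key bytes are all assumptions made for illustration.

```python
import base64, hashlib

def tlv(tag, value):
    """Encode one DER element (only used to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read(buf, pos):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low bits give the number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER X.509 certificate."""
    _, pos, _ = read(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = read(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = read(cert_der, pos)
    if tag == 0xA0:                    # optional [0] version
        pos = end
    for field in range(5):             # serial, sigAlg, issuer, validity, subject
        _, _, pos = read(cert_der, pos)
    _, _, end = read(cert_der, pos)    # SubjectPublicKeyInfo, header included
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def make_cert(issuer, serial, key):
    """Constructed sample: RFC 5280 field order, dummy contents, no real signature."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    alg = seq(tlv(0x06, b"\x2a\x03"))  # placeholder OID
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])), alg,
              seq(tlv(0x0C, issuer.encode())),
              seq(tlv(0x17, b"150927000000Z"), tlv(0x17, b"160927000000Z")),
              seq(tlv(0x0C, b"example.test")),
              seq(alg, tlv(0x03, b"\x00" + key)))  # SubjectPublicKeyInfo
    return seq(tbs, alg, tlv(0x03, b"\x00"))

SITE_KEY, PROXY_KEY = b"\x11" * 270, b"\x22" * 270   # constructed key bytes
original = make_cert("Public CA", 1, SITE_KEY)
renewed = make_cert("Public CA", 2, SITE_KEY)          # new cert, same key
intercepted = make_cert("Lab CA", 3, PROXY_KEY)        # minted by the proxy
```

The pin of `renewed` matches `original` because the key is unchanged, while `intercepted` yields a different pin even though its chain would validate on a machine that trusts the lab CA. On a live connection the DER input comes from `SSLSocket.getpeercert(binary_form=True)`.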

comments in descending chronological order (reverse):

#Comment Re: Dark Side made: 2015-09-28 15:29:22.468892+00 by: Dan Lyke

Yeah, CAs are the weak point of modern HTTPS and SSL. There are some tools in place that should help detect malfeasance, and some of them do (that was what caught Symantec recently), but the whole CA model is horrendously broken for anything that matters more than, say, banking.