
Greetings from Black Hat

Created: 30 Jul 2010 • Updated: 18 Dec 2012 • 4 comments
Tim Callan

From an SSL perspective it was a quiet Black Hat this year. There were two presentations focused on SSL (plus one at DefCon which I didn't have the opportunity to attend).

The earlier of the two presentations came from Ivan Ristic of SSL Labs. Ivan presented the results of his large-scale crawl of domains, searching for SSL Certificates and in particular checking the implementation of these certificates. The good news is that the vast bulk of installed certificates appear to be well configured in Ivan's view, but he did find significant numbers of certificates containing one or more of what he considers to be implementation errors. It was good work and helpful, even if it is incomplete and some of the conclusions are open to debate. At the very least, Ivan's research highlights the importance of proper implementation of SSL Certificates. I hope that Ivan continues developing his research and reports on a regular basis.

The other presentation focused heavily on SSL was called HTTPS Can Byte Me, by Robert Hansen and Josh Sokol. Some journalists have portrayed this presentation as a scathing indictment of the SSL protocol. I was in the presentation, and I don't agree. Even Robert and Josh were clear that most of the flaws they discovered were very minor and hard to use in practical attacks. And the good news is that even the major ones are likely to be quite addressable by those who manufacture client and server software, particularly browser manufacturers. Again, good work on the part of Robert and Josh, who have helped identify potential vulnerabilities that software manufacturers can plug before they develop into full-fledged attacks.

Comments

thesslstore

Yeah, agree with Robert! Now everybody wants their sites to be HTTPS, i.e. secured from every point of view.

RapidSSLOnline

Hi,
It would have been great if you had brought some extracts from the DefCon presentation. Anyway, I think Ivan Ristic has done a great job in researching. The implementation and certification of an SSL somewhat depends on the issuer of the SSL certificate.

blamysmith@hotmail.com

It's really nice and useful as I get nice needs from here in this way want to appreciate you on your skills discuss here to know more about celebrations and events, you can get it Wholesale Cards (http://www.stockwellgreetings.com/) from here, so must get it.
