[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hyperlink Spoofing: an attack on SSL server authentication

To: [email protected] (Frank O'Dwyer)
Subject: Re: Hyperlink Spoofing: an attack on SSL server authentication
From: Adam Shostack <[email protected]>
Date: Sat, 4 Jan 1997 10:03:14 -0500 (EST)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from Frank O'Dwyer at "Jan 4, 97 12:59:22 pm"
Sender: [email protected]

Ed Felten of Princeton presented something similar at the Dimacs
Network Threats workshop in November 96.

Frank O'Dwyer wrote:
| 
| I've written up an attack on SSL server authentication at
|      
| 	http://www.iol.ie/~fod/sslpaper/sslpaper.htm
| 
| As far as I am aware, this attack hasn't been written about before.
| It does not attack the SSL protocol or low-level cryptography, but works
| at a higher level in order to persuade users to connect to fake servers, 
| with the browser nonetheless giving all the usual appearances of a 
| secure session.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Follow-Ups:
- Re: Hyperlink Spoofing: an attack on SSL server authentication
  - From: "Frank O'Dwyer" <[email protected]>

References:
- Hyperlink Spoofing: an attack on SSL server authentication
  - From: "Frank O'Dwyer" <[email protected]>

Prev by Date: Ecash naysayers
Next by Date: Re: Naive Export Question
Prev by thread: Hyperlink Spoofing: an attack on SSL server authentication
Next by thread: Re: Hyperlink Spoofing: an attack on SSL server authentication
Index(es):
- Date
- Thread