Re: Hyperlink Spoofing: an attack on SSL server authentication




> Ed Felten of Princeton presented something similar at the Dimacs
> Network Threats workshop in November 96.

Jim Truitt just posted a link for their paper, which I've linked
off my page. Although it incorporates most of the same 
ground as my stuff, I think I have shown some additional
vulnerabilities and (more importantly) some new fixes.

Cheers,
Frank O'Dwyer.

> Frank O'Dwyer wrote:
> | 
> | I've written up an attack on SSL server authentication at
> |      
> | 	http://www.iol.ie/~fod/sslpaper/sslpaper.htm
> | 
> | As far as I am aware, this attack hasn't been written about before.
> | It does not attack the SSL protocol or low-level cryptography, but works
> | at a higher level in order to persuade users to connect to fake servers, 
> | with the browser nonetheless giving all the usual appearances of a 
> | secure session.
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
>