Breaking the Security Myths of Extended Validation SSL Certificates Alexander Sotirov, Mike Zusman

Video Link: https://www.youtube.com/watch?v=h0UenpPk0EQ



Duration: 1:07:01


Breaking the security myths of Extended Validation SSL Certificates

Extended Validation (EV) SSL certificates have been touted by Certificate Authorities and browser vendors as a solution to the poor validation standards for issuing traditional SSL certificates. It was previously thought that EV certificates are not affected by attacks that allow malicious hackers to obtain a non-EV SSL certificate, such as the MD5 collision attack or the widely publicized failures of some CAs to validate domain ownership before issuing certificates.

Unfortunately, it turns out that the security offered by EV certificates is not any better than the security of even the cheapest $12 SSL certificate. In this talk we will show how any attacker who can obtain a non-EV SSL certificate for a website can perform completely transparent man-in-the-middle attacks on any SSL connection to that site, even if the website is protected by an EV certificate and the users are diligently inspecting all information contained in the SSL certificates.

Black Hat - USA - 2009






