An Observatory for the SSLiverse

Presented at DEF CON 18 (2010), July 30, 2010, 5 p.m. (50 minutes).

This talk reports a comprehensive study of the set of certificates currently in use on public HTTPS servers. We investigate who signed the certs, what properties they have, and whether there is any evidence of malicious certificates signed, directly or indirectly, by trusted CAs.


Presenters:

  • Peter Eckersley - Senior Staff Technologist, Electronic Frontier Foundation
    Peter Eckersley is a Senior Staff Technologist at the Electronic Frontier Foundation. His research interests include digital copyright and alternatives to digital copyright, network neutrality and network testing, censorship circumvention and privacy enhancing technologies.
  • Jesse Burns - Founding Partner, iSec Partners
    Jesse Burns is a founding partner at iSEC Partner where he performs penetration tests and manages research. Prior to founding iSEC Partners in 2004, Jesse worked in a variety of software security roles, including as a managing security architect for @Stake, and as a developer of security and directory management tools on Windows and Unix systems. He has previously spoken on topics like Android Security, fuzzing Windows IPC mechanisms, Windows Vista security, and the weaknesses of NTLM.

Links:

Similar Presentations: