An Observatory for the SSLiverse

Presented at DEF CON 18 (2010), July 30, 2010, 5 p.m. (50 minutes)

This talk reports a comprehensive study of the set of certificates currently in use on public HTTPS servers. We investigate who signed the certs, what properties they have, and whether there is any evidence of malicious certificates signed, directly or indirectly, by trusted CAs.

Presenters:

• Jesse Burns - Founding Partner, iSec Partners
  Jesse Burns is a founding partner at iSEC Partner where he performs penetration tests and manages research. Prior to founding iSEC Partners in 2004, Jesse worked in a variety of software security roles, including as a managing security architect for @Stake, and as a developer of security and directory management tools on Windows and Unix systems. He has previously spoken on topics like Android Security, fuzzing Windows IPC mechanisms, Windows Vista security, and the weaknesses of NTLM.
• Peter Eckersley - Senior Staff Technologist, Electronic Frontier Foundation
  Peter Eckersley is a Senior Staff Technologist at the Electronic Frontier Foundation. His research interests include digital copyright and alternatives to digital copyright, network neutrality and network testing, censorship circumvention and privacy enhancing technologies.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Eckersley
• https://infocon.org/cons/DEF CON/DEF CON 18/DEF CON 18 video and slides/DEF CON 18 - Peter Eckersley and Jesse Burns - An Observatory for the SSLiverse - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=y8iGETqIVy0

Similar Presentations:

• VB2016 / Trusted code signing abuse by malware and their exploitation of the CA verification process (sponsor presentation)
• AppSec USA 2012 / Securing the SSL channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs
• BSidesDC 2017 / How to Detect Malicious Certificates in Your Spare Time