Tuesday, March 24, 2009

Subprime PKI and SSL Rebinding

I'm on my way out of Vancouver today after an awesome time at CanSecWest 2009. Met a lot of awesome people, and learned some cool new tech.

The talk Alex and I gave, "Subprime PKI: EV SSL certs and MD5 Collisions", was also well received. We'll be releasing our paper and source code soon, but until then, here is a screenshot of a MITM attack against an EV SSL-protected web site from our live demo (note the presence of the "green glow" in the browser).

Thanks to Garett Gee for the photo. You can check out the rest of his photos here.