For the second year in a row I had BlackHat live demo issues. Shame on me.
Fortunately, the demo worked at Defcon. Had it not worked, however, I was prepared with a video thanks to Camtasia.
You can view the video here.
The demonstration shows a MITM using a regular SSL certificate (Domain Validated) to intercept data sent to a site protected with an Extended Validation (EV) SSL certificate. Since the browser treats the high-assurance EV certificate the same as a low-assurance DV certificate, the user is never warned about any connection downgrade. All they might notice is the "flicker" of the green EV badge.
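A monitor outside the browser can catch the downgrade that the browser ignores. The following is an added example, not code from the original post or demo: it remembers the strongest validation level seen per origin and flags any later connection that presents a weaker one. The observation record format, function names and sample data are assumptions. The policy OIDs are the CA/Browser Forum ones, and CA-specific EV OIDs would need to be added to the table.

```python
# CA/Browser Forum certificate-policy OIDs; the numeric ranks are this example's own.
POLICY_RANK = {
    "2.23.140.1.2.1": ("DV", 1),  # domain validated
    "2.23.140.1.2.2": ("OV", 2),  # organization validated
    "2.23.140.1.1": ("EV", 3),    # extended validation
}

def validation_level(policy_oids):
    """Return (label, rank) of the strongest recognised policy OID, else ("unknown", 0)."""
    best = ("unknown", 0)
    for oid in policy_oids:
        candidate = POLICY_RANK.get(oid, ("unknown", 0))
        if candidate[1] > best[1]:
            best = candidate
    return best

def find_downgrades(observations):
    """Flag connections weaker than the best level seen earlier for the same origin.

    observations: time-ordered dicts with host, port, policy_oids, fingerprint, time
    (hypothetical format, e.g. exported from a TLS-inspecting sensor).
    """
    highest = {}  # (host, port) -> (label, rank)
    alerts = []
    for obs in observations:
        origin = (obs["host"].lower(), obs["port"])
        label, rank = validation_level(obs["policy_oids"])
        seen = highest.get(origin)
        if seen and rank < seen[1]:
            # Same origin, weaker certificate: the browser would accept it silently.
            alerts.append({"time": obs["time"], "host": origin[0],
                           "expected": seen[0], "got": label,
                           "fingerprint": obs["fingerprint"]})
        elif not seen or rank > seen[1]:
            highest[origin] = (label, rank)
    return alerts

# Constructed sample observations (not real traffic or real fingerprints).
SAMPLE = [
    {"time": "2009-08-04T10:00:00Z", "host": "bank.example", "port": 443,
     "policy_oids": ["2.23.140.1.1"], "fingerprint": "constructed-ev-cert"},
    {"time": "2009-08-04T10:02:00Z", "host": "shop.example", "port": 443,
     "policy_oids": ["2.23.140.1.2.1"], "fingerprint": "constructed-shop-cert"},
    {"time": "2009-08-04T10:05:00Z", "host": "bank.example", "port": 443,
     "policy_oids": ["2.23.140.1.2.1"], "fingerprint": "constructed-dv-cert"},
    {"time": "2009-08-04T10:06:00Z", "host": "bank.example", "port": 443,
     "policy_oids": ["2.23.140.1.1"], "fingerprint": "constructed-ev-cert"},
]

if __name__ == "__main__":
    for alert in find_downgrades(SAMPLE):
        print(alert)
```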
Tuesday, August 4, 2009
BlackHat 2009 and Defcon 17: EV SSL MITM Demo