Testing the Limits of EV Certificates
- Type
- Slides
- Tags
- hacking
- Authors
- Philippe Oechslin
- Event
- Hashdays 2010
- Indexed on
- Mar 27, 2013
- URL
- https://www.hashdays.ch/assets/files/slides/pabel_frozencache.pdf
- File name
- pabel_frozencache.pdf
- File size
- 370.2 KB
- MD5
- eafacf3dbc65757d3f8b6aba6234a940
- SHA1
- 55b8111a2358d3a21cfda51ad763ac1b283a30a1
Extended Validation certificates for TLS are more expensive and more difficult to obtain. In return they provide more trust. We want to explore the limits of this added trust. We will tie different scenarios into an attack tree and illustrate it by doing things like inserting malicious content into EV certified web sites or inserting fake EV certificates into browsers. We will also compare how different browsers react to these manipulations.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
