[Owasp-Recife] Fwd: [Owasp-leaders] Fake SSL Certs flood market

Caio Dias caio.dias at owasp.org
Tue Feb 18 17:44:38 UTC 2014


Esta cada dia pior, e muitos nem sequer estão atentos.

"Fake certificates alone are not enough to allow an attacker to carry out a
man-in-the-middle attack. He would also need to be in a position to
eavesdrop the network traffic flowing between the victim's mobile device
and the servers it communicates with. In practice, this means that an
attacker would need to share a network and internet connection with the
victim, or would need to have access to some system on the internet between
the victim and the server. Setting up a rogue wireless access point is one
of the easiest ways for an individual to carry out such attacks, as the
attacker can easily monitor all network traffic as well as influence the
results of DNS lookups (for example, making *www.examplebank.com
<http://www.examplebank.com>* resolve to an IP address under his control). "



---------- Forwarded message ----------
From: Gregory Disney <gregory.disney at owasp.org>
Date: Fri, Feb 14, 2014 at 7:25 PM
Subject: [Owasp-leaders] Fake SSL Certs flood market
To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>


http://news.netcraft.com/archives/2014/02/12/fake-ssl-
certificates-deployed-across-the-internet.html


_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders



-- 
Caio Dias
<https://about.me/caiodias>https://about.me/caiodias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-recife/attachments/20140218/4a56b936/attachment.html>


More information about the Owasp-recife mailing list