Black Hat: SSL and the Future of Authenticity

Author: Dennis Fisher

August 31, 2011 10:00 am

The inherent problems with the certificate authority infrastructure have been known for a long time, but they’ve become even more obvious with the news of the recent compromise of DigiNotar, which resulted in the issuance of a slew of fraudulent SSL certificates. In this talk from the Black Hat USA conference earlier this month, Moxie Marlinspike discusses the issues with CAs and his suggestion to replace the whole infrastructure.

The inherent problems with the certificate authority infrastructure have been known for a long time, but they’ve become even more obvious with the news of the recent compromise of DigiNotar, which resulted in the issuance of a slew of fraudulent SSL certificates. In this talk from the Black Hat USA conference earlier this month, Moxie Marlinspike discusses the issues with CAs and his suggestion to replace the whole infrastructure.

Suggested articles

fbi warning egregor ransomware

FBI Warns of Egregor Attacks on Businesses Worldwide

The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.

TLS security protocol NSA

NSA Urges SysAdmins to Replace Obsolete TLS Protocols

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

data dump

6 Questions Attackers Ask Before Choosing an Asset to Exploit

David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding “hacker logic” can help prioritize defenses.