![]() (ideally, on an ongoing basis) 6Ĩ Observatory Infrastructure Collection: Three low end Linux servers with only 2GB ram Good, shared 100Mbs network connection NMap with poor timings, some python 2-3 months worth of patience Analysis: 1 year old i920 server with a new fast disk and 12G ram 2 little laptops Lots of crazy scripts, OpenSSL and a database OpenSSL Currently vaporware: Distribution (coming soon) Some web query forms Full datasets (via BitTorrent) 8ĩ 1. ![]() 1 An Observatory for the SSLiverse Peter Eckersley, Jesse Burns Defcon 18, Las Vegas, USA July, 2010Ģ Quick overview Electronic Frontier Foundation, funded by NL Net with volunteer help from isec Partners Collected x.509 Certificates used for HTTPS on the internet Looked for odd behavior, checking up on CAs Identified trusted intermediaries foreign, security agencies, companies Weird, wonderful and suspicious certificates found Noted interesting behaviors of servers & clients Will be opening data for further reviewģ Agenda Why we need an HTTPS Observatory Data Collection Technique Results Summary Interesting Questions Vulnerabilities Conclusions Future work 3ĥ Why We Need an HTTPS Observatory HTTPS is a rather important protocol! Certificate Authority The words cry out for accountability & transparency Several recent exploits based on CA mistakes Trust model: 1 of N CAs (N is large) Just how large is N, exactly? Who are these CAs we trust & what s going on? 5Ħ How do we get an HTTPS Observatory Let's download all the SSL certificates and build a dataset that everyone can study.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |