HTTPS Can Byte Me presented at BlackHatAbuDhabi 2010

by Robert J. Hansen,

URL : https://media.blackhat.com/bh-ad-10/Hansen/Blackhat-AD-2010-Hansen-Sokol-HTTPS-Can-Byte-Me-slides.pdf

Summary : HTTPS was created to protect confidentiality and prove integrity of content passed over the web. It has essentially become the de-facto standard for internet commerce transport security. Over the years a number of exploits have attacked the principle, underlying PKI infrastructure and overall design of HTTPS. This presentation will drive another nail in the HTTPS coffin through a number of new exploitation techniques leveraging man-in-the-middle attacks; the goal of which is to break confidentiality and integrity of HTTPS traffic. The impact of these flaws suggests a need for changes in the ways we protect the transmission of data online.