cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1997-01-04 - Re: Hyperlink Spoofing: an attack on SSL server authentication

Header Data

From: Adam Shostack <adam@homeport.org>
To: fod@brd.ie (Frank O’Dwyer)
Message Hash: 4efd3449dd31ec7583fc3d80dd88028ae007054374fbc3de5b5e993ea6b5512a
Message ID: <199701041504.KAA24308@homeport.org>
Reply To: <199701041259.MAA00180@brd.ie>
UTC Datetime: 1997-01-04 15:07:34 UTC
Raw Date: Sat, 4 Jan 1997 07:07:34 -0800 (PST)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Sat, 4 Jan 1997 07:07:34 -0800 (PST)
To: fod@brd.ie (Frank O'Dwyer)
Subject: Re: Hyperlink Spoofing: an attack on SSL server authentication
In-Reply-To: <199701041259.MAA00180@brd.ie>
Message-ID: <199701041504.KAA24308@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Ed Felten of Princeton presented something similar at the Dimacs
Network Threats workshop in November 96.

Frank O'Dwyer wrote:
| 
| I've written up an attack on SSL server authentication at
|      
| 	http://www.iol.ie/~fod/sslpaper/sslpaper.htm
| 
| As far as I am aware, this attack hasn't been written about before.
| It does not attack the SSL protocol or low-level cryptography, but works
| at a higher level in order to persuade users to connect to fake servers, 
| with the browser nonetheless giving all the usual appearances of a 
| secure session.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Thread