From: “Frank O’Dwyer” <fod@brd.ie>
To: Adam Shostack <adam@homeport.org>
Message Hash: fd362a7662259fef5308e75e9fd2b051661a5bc6d0a0f569625e99ba2e3f5754
Message ID: <199701041555.PAA00531@brd.ie>
Reply To: <199701041504.KAA24308@homeport.org>
UTC Datetime: 1997-01-04 15:54:21 UTC
Raw Date: Sat, 4 Jan 1997 07:54:21 -0800 (PST)
Subject: Re: Hyperlink Spoofing: an attack on SSL server authentication
> Ed Felten of Princeton presented something similar at the Dimacs
> Network Threats workshop in November 96.

Jim Truitt just posted a link for their paper, which I've linked
off my page. Although it incorporates most of the same
ground as my stuff, I think I have shown some additional
vulnerabilities and (more importantly) some new fixes.

Cheers,
Frank O'Dwyer.

> Frank O'Dwyer wrote:
> |
> | I've written up an attack on SSL server authentication at
> |
> | http://www.iol.ie/~fod/sslpaper/sslpaper.htm
> |
> | As far as I am aware, this attack hasn't been written about before.
> | It does not attack the SSL protocol or low-level cryptography, but works
> | at a higher level in order to persuade users to connect to fake servers,
> | with the browser nonetheless giving all the usual appearances of a
> | secure session.
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>