[clug] SSL Man-in-the-Middle attack - by "Law Enforcement"?

steve jenkin sjenkin at canb.auug.org.au
Wed Mar 24 20:21:26 MDT 2010



"They found turnkey surveillance products, marketed and sold to law
enforcement and intelligence agencies in the US and foreign countries,
designed to collect encrypted SSL traffic based on forged "look-alike"
certificates obtained from cooperative certificate authorities.

"The products (apparently available only to government agencies) appear
sophisticated, mature, and mass-produced, suggesting that "certified
man-in-the-middle" web surveillance is at least commonplace and
widespread enough to support an active vendor community."

"Wired's Ryan Singel reports in depth here."

"A paper published today by Chris Soghoian and Sid Stamm suggests that
the threat may be far more practical than previously thought."

Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
