The Risks of SSL Inspection | certcc
vendredi 20 mars 2015 à 19:23CAFAI Liens en Vrac 20/03/2015
Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a few things.
In this blog post, I will explain
The capabilities of SSL and TLS are not well understood by many.
SSL inspection is much more widespread than I suspected.
Many applications that perform SSL inspection have flaws that put users at increased risk.
Even if SSL inspection were performed at least as well as the browsers do, the risk introduced to users is not zero.
(Permalink)
Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a few things.
In this blog post, I will explain
The capabilities of SSL and TLS are not well understood by many.
SSL inspection is much more widespread than I suspected.
Many applications that perform SSL inspection have flaws that put users at increased risk.
Even if SSL inspection were performed at least as well as the browsers do, the risk introduced to users is not zero.
(Permalink)