Sunday, January 3, 2010
Moxie Marlinspike SSL video
Happy New Year! I'm catching up on some of the material I wanted to blog about last year, but just didn't get to. This post is about a talk which is definitely more advanced and for someone interested in learning about cybersecurity, specifically secure web browsing, in more depth.
While the exploit has largely been dealt with at this point, Moxie's talk is posted online and is interesting to watch from an educational perspective because it gives a good overview of HTTPs, PKI and the fundamentals of secure web browsing.
The exploit itself is also interesting it that it shows how a seemingly innocuous thing (how we choose to encode strings) can come back to bite us. Moxie also touches on how this exploit could be used to attack OCSP and automatic software updates. It's a good example of how a little thing can be extended to attack complicated systems.
The video is about an hour long. It does include one use of adult language (sh*t).
Enjoy.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment