This is Beau Brownlee's Typepad Profile.
Join Typepad and start following Beau Brownlee's activity
Join Now!
Already a member? Sign In
Beau Brownlee
Recent Activity
The basic premise of this argument is that SSL is indeed secure. However there are tons of very successful attacks against SSL that range from a university chaining together hundreds of PS3s and generating a legitimate certificate for SSL spoofing, Verisign releasing a couple thousand page document that showed that they were regularly successfully hacked over the past few years (once the CA is compromised, your security no longer exists). The ability to compromise or attack an SSL secured site is not the difficult problem that many may think thanks to easy to use GUI applications such as Cain/Able with built in network sniffing, password crackers, SSL spoofing and tools that can hack into a secured wireless network within minutes or hours (depending on if its WEP or WPA). Also, the idea that The Man can't watch what your doing is also not completely accurate. There are many reports of government agencies going into CAs and demanding legitimate certificates. The NSA loves this system because they can easily spy on whomever they wish simply by forcing CAs to give them a legitimate certificate. Whats more, it used to be there was only Verisign. Now there are hundreds of different CAs that are built into your browser as trusted CAs and they aren't all US based companies, they are located all over the world. There is a tremendous lack of oversight of all of these companies. All that to say, we need to rethink our security strategy. There are many other methods of security data including things like Password Authenticated Key Exchanges which does not require a third party (but it does require a more in depth knowledge of security). This is not something that CAs or the government wants. CAs make money on being a third party and the government likes this type of security because they can continue to be big brother looking over your shoulder.
Beau Brownlee is now following The Typepad Team
Feb 24, 2012