Привіт Люба
this week’s paper by Facebook Research is a bit dated (2014) as you also feel when reading through it (as it uses Flash Player as research ground), but nevertheless I learned quite a bit about how to perform and also detect an SSL Man-in-the-middle attack. In comparison to other approaches, the researcher in this paper was able to detect malicious SSL certificates without adding additional software to the browser. (TIL: Flash supported raw sockets)
Nice start into the world of SSL security and even though it’s age, I consider this a great article and a worthy read.
Software exists to create business value
I am Simon Frey, the author of the Weekly CS Paper Newsletter. And I have great news: You can work with me
As CTO as a Service, I will help you choose the right technology for your company, build up your team and be a deeply technical sparring partner for your product development strategy.
Checkout my website simon-frey.com to learn more or directly contact me via the button below.
Abstract:
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is
still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections
to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL
connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.
Download Link:
Additional Links: