By Andrew Brandt | Thursday, July 30, 2009 at 8:28 am
Dan Kaminsky once again brought a full batch of his grandmother’s lacey cookies, along with their maker, to his session at the Black Hat Briefings security conference in Las Vegas yesterday afternoon. On this, her third visit, grandma heard about another major security breakthrough.
Kaminsky’s talk focused on website certificates, one component of performing SSL-encrypted transactions over the Web. The session drew a standing-room only crowd in one of the largest halls available at the conference. The problems Kaminsky discovered, if they had remained unfixed, could have put at risk virtually any online transaction where money changes hands. In this scenario, criminals might then use such certificates, issued in the names of legitimate businesses, to boost the legitimacy of phishing attacks.
The bottom line is good news. Kaminsky worked with software companies in advance of the talk, and the various issues he reported have either been fixed already, or are in the process of being fixed, in every major OS and Web browser. Thanks, Dan, for saving the Intarwebs once again.