Black Hat: Internet Rendered Safe for Buying Stuff

Security guru heads off major potential disaster

By  |  Thursday, July 30, 2009 at 8:28 am

kamboard2_72tcDan Kaminsky once again brought a full batch of his grandmother’s lacey cookies, along with their maker, to his session at the Black Hat Briefings security conference in Las Vegas yesterday afternoon. On this, her third visit, grandma heard about another major security¬† breakthrough.

Kaminsky’s talk focused on website certificates, one component of performing SSL-encrypted transactions over the Web. The session drew a standing-room only crowd in one of the largest halls available at the conference. The problems Kaminsky discovered, if they had remained unfixed, could have put at risk virtually any online transaction where money changes hands. In this scenario, criminals might then use such certificates, issued in the names of legitimate businesses, to boost the legitimacy of phishing attacks.

kaminsky_1The bottom line is good news. Kaminsky worked with software companies in advance of the talk, and the various issues he reported have either been fixed already, or are in the process of being fixed, in every major OS and Web browser. Thanks, Dan, for saving the Intarwebs once again.

 
Be the first to comment


Read more: 

Comments are closed.