CyLab Seminar: Moxie Marlinspike

Time: May 18, 2009 - 12:00 PM - 1:00 PM

Location: DEC@CIC

Description:

CyLab welcomes Moxie Marlinspike, Fellow, Institute for Disruptive Studies, to present "Tricks For Defeating SSL In Practice."

This talk will introduce a class of vulnerabilities which focuses on attacking the bridge between HTTP and HTTPS. Specifically, this talk will detail some new tools and techniques that allow attackers to silently strip SSL from traffic intended for HTTPS in common web applications such as online banking and webmail logins. In practice, these tricks prove deadly for allowing attackers to silently alter, inject, and log traffic that should otherwise be secure. Real-world field testing data will be provided.