The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,053 other followers

DEFCON 17: More Tricks For Defeating SSL – YouTube

Posted by jpluimers on 2016/07/11

Still relevant after a few years: DEFCON 17: More Tricks For Defeating SSL – YouTube.

I landed there after trying to find out how to verify the Internic root server file is actually pubished by Internic via authentication – Ways to sign gpg public key so it is trusted? – Information Security Stack Exchange.

I remember reading his “if you have to perform any cryptographic operation before verifying the MAC on a message you’ve received, it will somehow inevitably lead to doom” post (Moxie Marlinspike >> Blog >> The Cryptographic Doom Principle), but never noticed his videos.

It is still relevant as there are lots of implementations still vulnerable to these kinds of attacks.

Many more of his blog entries are interesting as well:

More recent videos:

Finally be sure to read his short stories. Mostly non-tech related. Some terrifying, some amusing. Good reads: Moxie Marlinspike >> Stories.

–jeroen

Moxie Marlinspike aka Matthew Rosenfeld aka Mike Benham

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: