[LINK] Using Certificate pinning to make yourself more secure
Kim Holburn
kim at holburn.net
Mon Sep 9 13:58:39 AEST 2013
http://arstechnica.com/security/2013/09/spooks-break-most-internet-crypto-but-how/
Spooks break most Internet crypto, but how?
> First, such certificates would be useful only if the NSA was able to impersonate the website in what's known as an active man-in-the-middle attack, which can make the attack less scalable and harder to pull off. That forecloses the possibility of a passive eavesdropping, in which the NSA simply monitors and decrypts traffic passing between a website and a target. More importantly, the technique is easily detected through what's known as certificate pinning that's built into Google's Chrome browser, dedicated Twitter apps, and some security software.
More about pinning:
https://www.imperialviolet.org/2011/05/04/pinning.html
You can do certificate pinning in Firefox with the extension: Certificate Patrol.
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request