[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cryptography-randombit
Subject:    [cryptography] Another data point on SSL "trusted"
From:       pgut001 () cs ! auckland ! ac ! nz (Peter Gutmann)
Date:       2011-09-18 18:54:41
Message-ID: E1R5MVl-0002Qy-2L () login01 ! fos ! auckland ! ac ! nz
[Download RAW message or body]

Ralph Holz <holz at net.in.tum.de> writes:

>I don't think so. Here is a list of "COUNT(issuers), issuers" from the EFF
>dataset. Only those counted that appeared > 200 times.
>
>http://www.meleeisland.de/issuer_ca_on_eff.csv

Oh, now it makes sense, those are mostly router certs (and various other certs
from vendors who create broken certs like the Plesk ones).  You won't just
find them in Korea, they're everywhere, in vast numbers, but (at least for the
router certs) they're usually only visible from the LAN interface.

So all you need to do is warkit a router via one of a seemingly endless series 
of vulns that SOHO routers have and you've got a trusted root cert that can 
MITM all traffic through it.

Peter.

[prev in list] [next in list] [prev in thread] [next in thread]