HTTPS was created to protect confidentiality and prove integrity of content passed over the web. It has essentially become the de-facto standard for internet commerce transport security. Over the years a number of exploits have attacked the principle, underlying PKI infrastructure and overall design of HTTPS. This presentation will drive another nail in the HTTPS coffin through a number of new exploitation techniques leveraging man-in-the-middle attacks; the goal of which is to break confidentiality and integrity of HTTPS traffic. The impact of these flaws suggests a need for changes in the ways we protect the transmission of data online.
SecTheory
Josh Sokol graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Josh manages all compliance, risk management, and vulnerability management activities for NI. Josh is a CISSP and also a frequent contributor on the Web Admin Blog.