An Observatory for the SSLiverse

DEF CON 18

Presented by: Jesse Burns, Peter Eckersley
Date: Friday July 30, 2010
Time: 17:00 - 17:50
Location: Royale 5
Track: Track 3

This talk reports a comprehensive study of the set of certificates currently in use on public HTTPS servers. We investigate who signed the certs, what properties they have, and whether there is any evidence of malicious certificates signed, directly or indirectly, by trusted CAs.

Peter Eckersley

Peter Eckersley is a Senior Staff Technologist at the Electronic Frontier Foundation. His research interests include digital copyright and alternatives to digital copyright, network neutrality and network testing, censorship circumvention and privacy enhancing technologies.

Jesse Burns

Jesse Burns is a founding partner at iSEC Partners, where he performs penetration tests and manages research. Prior to founding iSEC Partners in 2004, Jesse worked in a variety of software security roles, including as a managing security architect for @Stake, and as a developer of security and directory management tools on Windows and Unix systems. He has previously spoken on topics like Android Security, fuzzing Windows IPC mechanisms, Windows Vista security, and the weaknesses of NTLM.

