Re: SSL MITM fun.

["jmoss" <jmoss () blackhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey guys, you can also watch the video and maybe that will answer some of
your questions and speculations:

https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlins
pike-slide.mov
https://media.blackhat.com/bh-dc-09/blackhat-dc-09-marlinspike-interview.m4v
http://www.youtube.com/watch?v=Rvp0oPluuLE

That youtube is a quick interview I did with Moxie, but it was the first
time I have ever done this at a Black Hat and I was totally exhausted and
look a bit zapped. The idea worked well, though, so beware of me at future
events pulling you aside and doing a quick interview.

Moxie is a very good presenter, and the amount of coverage was amazing -
more than I expected for sure. It wasn't earth shattering or anything, just
a very well put together talk with plenty of examples and a comprehensive
review of what is possible. I especially like when Moxie hints that there
are many other areas where these SSL tricks work, but then constrains
himself to only dealing with https. Kaminsky sums it up well with his blog
post:
http://www.doxpara.com/?p=1269

Jeff


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: us-ascii

wsBVAwUBSaRU70qsDNqTZ/G1AQhl+wf/aDID4/pJIPOeZCgU25t0O2Zy1CbzE8x3
SHx5SKwKwBi/lV9XMNa0kWs1sHVgyyjtPUFqgZlCQTuyeiYQt7MaJYReQLqYhZaA
5s+9qVFJiIoqO3PQJsxdll120Cd6Yz7SqSQnIECEWubKgtTv6lX4Zq9w2jAWiFXn
UchLFLmx13Fuvuk+SnPkMBB4Qv1ArBerJDmrT3IhT4TX52uIvW7iwAUNqjvecmca
qlaKiUBXVWwB9w0GDVd4TyvxwwDAi9Vo/59uvzRZIIVDeG90WWxJp9jx1W7FGMZp
ZhuCp7sHF1xGr5ypiqv0lizv7txr2LIP5JnwxV0zt7qxLj7HXBJAMA==
=ufS7
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave