[Cryptography] Threatwatch: CIN - Corruptor-Injector Network
John-Mark Gurney
jmg at funkthat.com
Mon Aug 10 20:38:16 EDT 2015
Tom Mitchell wrote this message on Mon, Aug 10, 2015 at 14:11 -0700:
> One short term hack is to find ways to discover these bad certificates and
> black list them.
There are lots of these projects out there... Might want to look at:
https://www.eff.org/observatory
http://tack.io/
And Chrome already does this for their own properties:
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
and:
http://blog.chromium.org/2011/06/new-chromium-security-features-june.html
Chromium has Google's certs preloaded and pinned to prevent invalid
certificates from being used...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the cryptography
mailing list