Analyzing Forged SSL Certificates in the Wild Lin-Shung Huang, Alex Ricey, Erling Ellingseny, Collin Jackson
Abstract—The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed. https://www.linshunghuang.com/papers/mitm.pdf news coverage.. https://news.google.com/news?ncl=dCtyuKtyM9cSNPM9nzTnp15Wfnh4M&q=IopFailZeroAccessCreate&lr=English&hl=en&sa=X _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops