17 Dec
2003
17 Dec
'03
11:17 p.m.
Ed Felten of Princeton presented something similar at the Dimacs Network Threats workshop in November 96. Frank O'Dwyer wrote: | | I've written up an attack on SSL server authentication at | | http://www.iol.ie/~fod/sslpaper/sslpaper.htm | | As far as I am aware, this attack hasn't been written about before. | It does not attack the SSL protocol or low-level cryptography, but works | at a higher level in order to persuade users to connect to fake servers, | with the browser nonetheless giving all the usual appearances of a | secure session. -- "It is seldom that liberty of any kind is lost all at once." -Hume