MitM and DoS attacks on domains through the use of residual certificates

Discussion in '0-day Release' started by RGiskardR, Aug 31, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    HTTPS certificates are one of the pillars of Internet security. But it is not all roses with them. We have already discussed the ways the existing system often fails to guarantee security to users. Now let us focus on what can go wrong for the website owners.

    Two valid certificates for the same domain

    Domain registration and HTTPS certification are often controlled by different organizations, so the validity periods for domains and certificates will not necessarily be the same. That leads to situations in which the former and the current owners hold valid certificates for the same domain at the same time.

    What can go wrong in a situation like that, and how widespread is the problem in real life? At DEF CON 26, researchers Ian Foster and Dylan Ayrey presented their study of the problem. According to them, there are even more complications than seen at first glance — and it’s a surprisingly widespread problem.

    Full reading:
    Der.Reisende and silversurfer like this.
  2. Google Adsense

Share This Page