Black Hat Conference: Socket to me

Sheble, Nicholas
April 2009
InTech;Apr2009, Vol. 56 Issue 4, p9
The article reports that Moxie Marlinspike, who spoke at the Black Hat Security conference, explained the process of subverting a Secure Sockets Layer (SSL) session by performing a man-in-the-middle attack. She says that the attack uses the SSLstrip, which exploits the interface between http and https sessions. It explains that the SSLstrip works by watching http traffic acting as a proxy when a user attempts to initiate an https session.


Related Articles

  • Developing Secure Web Applications. Scott, David; Sharp, Richard // IEEE Internet Computing;Nov/Dec2002, Vol. 6 Issue 6, p38 

    Focuses on the Secure Web Applications Project research initiative by the Laboratory for Communications Engineering and the Computer Laboratory of the University of Cambridge. Application-level vulnerabilities; Overview of the project; Background on a secure interface description language

  • Beyond SQL XML. Nunn, Matt // SQL Server Magazine;Jul2005, Vol. 7 Issue 7, p23 

    Discusses support provided by Microsoft Corp.'s SQL Server 2005 database software for Web services. HTTP endpoints at the server; Improvement in interoperabiltiy and application connectivity; Features of the SQL Server to ensure Web-service security.

  • Is My Communication Really Secure? Jungen, Don // Facts & Findings;Nov/Dec2013, Vol. 40 Issue 3, p24 

    The article offers suggestions for using secure web communication which includes electronic mails, internet browsing, and communication protocol used. It advices to use Hypertext Transfer Protocol Secure (HTTPS) while connecting to email services such as Goggle and Hotmail. It recommends...

  • IDL 3.0 for Windows. Altidis, Paris // Design News;11/1/93, Vol. 49 Issue 21, p164 

    Features the Interactive Data Language (IDL) system from Research Systems Incorporated. Creation of procedures and completion of interactive applications; Presentation of visual information; Linkages of the IDL. INSET: IDL..

  • Image processing system. Seiter, Charles // Macworld;Oct94, Vol. 11 Issue 10, p77 

    Reviews Research Systems' Interactive Data Language (IDL) 3.5 image processing software.

  • Mapping Arctic ice floes.  // Geographical (Campion Interactive Publishing);Jun95, Vol. 67 Issue 6, p7 

    Reports on the use of interactive data package (IDL) to analyze ice cover and movement in the Barents Sea by the Earth Observation Sciences (EOS). Information from the ERS-1 satellite; Sea ice movement information for oil exploration company.

  • PUSH COMES TO SHOVE. Hoffman, Karen Epper // SC Magazine: For IT Security Professionals (15476693);Feb2013, Vol. 24 Issue 2, p22 

    The article explores how Internet companies are now collaborating together to fight cyber threats. According to PayPal senior manager of customer and ecosystem security Andy Steingruebl, browsers are key to embedding fundamental protections into the Internet. Firefox web browser's Firesheep...

  • Do Not Track Is Not Working.  // Micro Mart;10/21/2013, Issue 1283, p71 

    The article reveals that 145 of the web's top 10,000 web sites are tracking users without their knowledge, ignoring the Do Not Track HyperText Transfer Protocol (HTTP) header, by using hidden scripts to extract a device fingerprint from the user's browser.

  • Prevention of Cross Site Scripting with E-Guard Algorithm. Stephen, M. James; Reddy, P. V. G. D. Prasad; Naidu, Ch. Demudu; Rajesh, Ch. // International Journal of Computer Applications;May2011, Vol. 22, p30 

    In this world of networking where people around the globe are connected, Cross-site Scripting (XSS) has emerged to one of the most prevalent growing threat. XSS attacks are those in which attackers inject malicious codes, most often client-side scripts, into web applications from outside...


Read the Article


Sorry, but this item is not currently available from your library.

Try another library?
Sign out of this library

Other Topics