[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Decrypting SSL for Network Monitoring

To: Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Decrypting SSL for Network Monitoring
From: coderman <coderman@xxxxxxxxx>
Date: Tue, 28 Jun 2011 20:24:39 -0700

On Tue, Jun 28, 2011 at 9:09 AM, Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx> wrote:
> InfoSec Institute resources author Alec Waters gives you step by step
> instructions on how to decrypt SSL for network monitoring:
>...
> Your thoughts?

using the ssl observatory to pre-generate useful certs and a hardware
security module to offload the RSA/DSA handshakes coupled to an i7
with AES-NI for payload transport is even better. like the sugar
frosting on top of these crunchy flakes that are part of your
nutritional breakfast!

YMMV. something tells me *this will be a hot topic this summer, either
with your complicit or exploitive support... :o

[ where "this" == SSL MITM FTW. where "complicit" ==
ca-root-on-demand-by-policy, where "exploitive" ==
ca-root-on-my-demand-by-because-i-said-so, where explanations ==
getting tedious... ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Decrypting SSL for Network Monitoring
  - From: Adam Behnke

Prev by Date: Re: [Full-disclosure] Live mtgox.com trade matching bug.
Next by Date: Re: [Full-disclosure] how to detect DDoS attack through HTTP response analysis(throuput)
Previous by thread: Re: [Full-disclosure] Decrypting SSL for Network Monitoring
Next by thread: [Full-disclosure] AST-2011-011: Possible enumeration of SIP users due to differing authentication responses
Index(es):
- Date
- Thread