This week’s paper by Facebook Research is a bit dated (2014), as you also feel when reading through it (it uses Flash Player as its research ground), but nevertheless I learned quite a bit about how to perform and also detect an SSL man-in-the-middle attack. In comparison to other approaches, the researchers in this paper were able to detect malicious SSL certificates without adding additional software to the browser. (TIL: Flash supported raw sockets.)
A nice start into the world of SSL security, and despite its age, I consider this a great article and a worthy read.
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks are in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attacks on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.
It would be awesome if you could help grow our little paper community even more by sharing it with your circles (you can also @eu_frey me on Twitter for retweets :D):
If you have any paper recommendations for me, please do not hesitate to approach me via [email protected] (please keep the Backend & DevOps topic focus in mind).
With much love,