lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130119060057.GA13069@gremlin.ru> Date: Sat, 19 Jan 2013 10:00:57 +0400 From: gremlin@...mlin.ru To: full-disclosure@...ts.grok.org.uk Subject: Re: How to prevent HTTPS MitM On 17-Jan-2013 21:56:53 +0100, Luigi Rosa wrote: > I was reading about Nokia HTTPS MitM. Many corporate firewall > can MitM HTTPS for content inspection and many governments do > this for their reasons. > I was thinking: could it be possible to create a fake HTTPS > stream to DoS the MitM attempt? Yes, but that most likely will cut your Internet connection on the inspection proxy. -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists