SSL disturbs me.

celestialmechanic said: Secure Socket Layer?
shlevy said: Why?

the implementations appear to be universally buggy, possibly by design.

the spec itself is unnecessarily complex in ways that make it exploitable.

the certificate authorities do not seem particularly reputable, yet they are the foundation of the entire system as currently implemented.

Meanwhile at Fort Meade:

“I see SSL has been implemented exactly to spec, good work everybody”

Meanwhile meanwhile at Fort Meade:

“How come everybody has such an easy time hacking our critical infrastructure?”

OK SO THE REAL ANSWER is that people keep falling for phishing attacks because the offense/defense power is so lopsided – viz. the OpFor gets paid to do this and only needs to succeed once and the defense has to succeed every time they receive an email and also this is not their job.

But I like to think of it as the NSA being hoist on their own petard.
