Thursday, November 18, 2010

Open source Book: PKI Implementation


A guide to PKIs and Open–source Implementations
Symeon (Simos) Xenitellis
OpenCA Team
Copyright © 1999, 2000 by Symeon (Simos) Xenitellis
This document describes Public Key Infrastructures, the PKIX standards, practical PKI functionality and gives an overview of available open–source PKI implementations. Its aim is to foster the creation of viable open–source PKI implementations.
The latest version of this document can be found at the OSPKI Book WWW site at http://ospkibook.sourceforge.net/.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being the chapters Chapter 13 ("Contributions") and the Colophon ("About this document"), with Front-Cover Texts being the text "The Open–source PKI Book, A guide to PKIs and Open–source Implementations" and with Back-Cover Texts being the text "The author's studies are funded by State's Scholarship Foundation (SSF) of Greece". A copy of the license is included in Appendix E entitled "GNU Free Documentation License".

Thursday, November 11, 2010

Black hat 2010


Two researchers at the Black Hat conference in Las Vegas on Thursday exposed 24 ways hackers can hijack seemingly secure browser sessions.
Robert Hansen and Josh Sokol demonstrated methods attackers can use to take over users' accounts or assume control of a website without the need for any exploits, due to the way browsers implement "HTTPS." HTTPS, a combination of the Hypertext Transfer Protocol with the SSL/TLS Protocol, allows a website owner to encrypt a session using a digital certificate.
For any of the two dozen attacks to work, however, a criminal would have to have assumed control of a user's computer via a man-in-the-middle (MITM) exploit, by which an attacker intercepts communications between two systems.
But the researchers wanted to show that HTTPS protection alone won't stop bad things from happening.