The Internet – with 2.5 billion users – was never designed to be a secure system. Protocols like DNS or HTTP, the main building blocks of the Internet, were not designed with security in mind. Security protocols and extensions, such as SSL, were built upon these layers in order to provide protection against malicious attacks.
In this talk, we will focus on SSL/TLS: the most prominent Internet security protocol today. We will discuss what security issues it solves, and what limitations it has. We will then describe some relevant attacks like various SSL-stripping techniques and other MitM (Man-in-the-Middle) attacks, and learn to identify the suspicious signs that we should beware of.
This talk is 90 minutes long and is intended for people with a relevant background in computer networks/web.
Avishay Bartik is a security researcher in IBM CCoE – Cyber Security Center of Excellence in Beer-Sheva, working on various aspects of network and system security. Prior to joining IBM, Avishay served as a security software engineer in the PMO.