[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Arshad Noor arshad.noor at strongauth.com
Sat Sep 17 22:03:36 EDT 2011

On 09/17/2011 06:37 PM, Marsh Ray wrote:
> It's not entirely clear that a trusted CA cert is being used in this
> attack, however the article comes to the conclusion that HTTPS
> application data is being decrypted so it's the most plausible assumption.

Why is it the most plausible assumption?  Isn't it far easier to
replace the cryptographic libraries on PCs with one that has a
"wrapper" that copies all payloads before encryption and after
decryption, and transmits the payload to the snooper?  Why go
through the hassle of breaking a cipher when all you have to do
is replace a few files on the target's PC to get what you want?

Arshad Noor
StrongAuth, Inc.

More information about the cryptography mailing list