March 2011 Blog Posts (2)

Thou shalt not mistrust the PKI

I am getting the impression that the end user is not supposed to ever mistrust any of those CAs that all browser and OS vendors are shipping with their products for our convenience. 

The Comodo hack was only one in a series of incidents showing that the trust model of PKI for SSL certificates is broken in many ways.

First off, there are far too many CAs that your browser or operating system trusts by default.

Your browser or operating system trusts them so…


Added by d3tm4r on March 29, 2011 at 12:30pm — 3 Comments

Promises And Reality Of Modern Commercial IDS

Another lengthy repost from my tumblr blog with some editing.

It's still a topic I am concerned with and which I'd like to discuss.
And where could there be a better place for that than DTH? :)
Well now here it…

Added by d3tm4r on March 5, 2011 at 1:30pm — No Comments


© 2015   Created by Marcus J. Carey.   Powered by
