Stealing certificates
From: Rygg Christian (christian.rygg@edb.com)
Date: 11/20/02
- Previous message: JM: "Re: Protect folder data."
- Next in thread: Adrian McCullagh: "Re: Stealing certificates"
- Maybe reply: Adrian McCullagh: "Re: Stealing certificates"
- Maybe reply: Rygg Christian: "RE: Stealing certificates"
- Reply: Walter Williams: "RE: Stealing certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Rygg Christian <christian.rygg@edb.com> To: "'SECURITY-BASICS@SECURITYFOCUS.COM'" <SECURITY-BASICS@SECURITYFOCUS.COM> Date: Wed, 20 Nov 2002 11:05:22 +0100
Hi,
I'm currently working on a security evaluation on a solution using https
based on server and client certificates (stored in the browser). I have
found the information I need on most areas, but I'm having a bit of trouble
finding info on how easy/hard it would be for a hacker to steal a client
certificate. Does anyone know of a good resource for this kind of
information? Questions are along the lines of:
What weaknesses exist in the various browsers when it comes to certificates?
How easy would it be for a trojan to extract a certificate (with private
key) from the various browsers?
PS: I have found quite a lot of information on other exploits like the bug
in IE that validates fake certificate as OK. Right now I'm just interested
in the possibility of stealing a certificate with private key from various
browsers.
Thanks in advance!
Christian Rygg
- Next message: SB CH: "any VPN program at linux?"
- Previous message: JM: "Re: Protect folder data."
- Next in thread: Adrian McCullagh: "Re: Stealing certificates"
- Maybe reply: Adrian McCullagh: "Re: Stealing certificates"
- Maybe reply: Rygg Christian: "RE: Stealing certificates"
- Reply: Walter Williams: "RE: Stealing certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
