Four years of breaking HTTPS with BGP hijacking
During the 2015 BlackHat conference, the authors presented an approach which makes it possible for an arbitrary attacker to use vulnerabilities in the Border Gatew …
|Talk Title||Four years of breaking HTTPS with BGP hijacking|
|Speakers||Artyom Gavrichenkov, Qrator Labs CZ|
|Location||San Francisco, CA|
|Date||Feb 18 2019 - Feb 20 2019|
During the 2015 BlackHat conference, the authors presented an approach which makes it possible for an arbitrary attacker to use vulnerabilities in the Border Gateway Protocol to obtain fraudulent certificates, recognized by browsers as valid ones, for Web sites an attacker couldn’t otherwise control. As a result, the overall security of Internet PKIX, which we all rely on daily while browsing our favorite social networks and banking systems, was shown to be at risk. Plenty of time has passed since August 2015. Researchers were digging into the issue, certificate authorities kept an eye on it, changes to Internet protocols were designed and implemented, and black hats started to exploit the method after all. As it is now almost four years after the discovery of the initial issue, it’s a good time to examine the outcome: what has been done, what’s yet to be done and how long does it take for the Internet community to amend an Internet protocol even for the greater good.