[SSL Observatory] fyi: Analyzing Forged SSL Certificates in the Wild

=JeffH Jeff.Hodges at KingsMountain.com
Wed May 14 15:18:29 PDT 2014


Analyzing Forged SSL Certificates in the Wild
Lin-Shung Huang, Alex Rice, Erling Ellingsen, Collin Jackson

Abstract—The SSL man-in-the-middle attack uses forged SSL
certificates to intercept encrypted connections between clients
and servers. However, due to a lack of reliable indicators, it is
still unclear how commonplace these attacks occur in the wild. In
this work, we have designed and implemented a method to detect
the occurrence of SSL man-in-the-middle attack on a top global
website, Facebook. Over 3 million real-world SSL connections
to this website were analyzed. Our results indicate that 0.2%
of the SSL connections analyzed were tampered with forged
SSL certificates, most of them related to antivirus software and
corporate-scale content filters. We have also identified some SSL
connections intercepted by malware. Limitations of the method
and possible defenses to such attacks are also discussed.

https://www.linshunghuang.com/papers/mitm.pdf


news coverage..

https://news.google.com/news?ncl=dCtyuKtyM9cSNPM9nzTnp15Wfnh4M&q=IopFailZeroAccessCreate&lr=English&hl=en&sa=X






