TLS interception considered harmful

Cite

Chaos Computer Club e.V.

Böck, Hanno

Formal Metadata

Title

TLS interception considered harmful

Subtitle

How Man-in-the-Middle filtering solutions harm the security of HTTPS

Title of Series

Chaos Communication Camp 2015

Number of Parts

Author

Böck, Hanno

License

CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/38077 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2015

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

With the more widespread use of encrypted HTTPS connections many software vendors intercept these connections by installing a certificate into the user's browser. This is widely done by Antivirus applications, parental filter software or ad injection software. This can go horribly wrong, as the examples of Superfish and Privdog have shown. But even if implemented properly these solutions almost always decrease the security of HTTPS.