Moxie Marlinspike
Moxie Marlinspike is an independent computer security researcher. He has discovered several high-profile computer-related security problems[1] and is the author of the sailing film Hold Fast[2].
According to Marlinspike's website, he "currently do[es] security consulting and penetration testing, and additionally offer trainings on designing secure protocols."[3]
sslstrip
Marlinspike is the author of the sslstrip tool presented at Black Hat DC 2009, which demonstrates how HTTPS websites are vulnerable to a man-in-the-middle attack if the connection starts out as an HTTP connection before being redirected to HTTPS, as is nearly always the case.[4]
sslsniff
Marlinspike is also the author of sslsniff, a general-purpose SSL/TLS man-in-the-middle attack tool that was originally written to exploit the BasicConstraints vulnerability that he published in 2002.[5]
NULL-prefix attacks
Marlinspike presented attacks on the SSL/TLS protocol at Black Hat USA 2009, which demonstrated ways to use X.509 certificates with NULL characters in them to successfully intercept all SSL/TLS traffic on a network. These attacks could be combined with unusual characteristics of Firefox's wildcard support to create "universal wildcard certificates" that would work for any site.[6][7]
OCSP attacks
Also at Black Hat USA 2009, Marlinspike presented attacks on the Online Certificate Status Protocol that enable attackers to defeat the protocol and successfully present certificates that have been revoked by CAs.[8]
References
External links
- Thoughtcrime Labs - Moxie Marlinspike's website.
- Anarchist Yacht Club