The most dangerous code in the world: validating SSL certificates in non-browser software

@inproceedings{Georgiev2012TheMD,
  title={The most dangerous code in the world: validating SSL certificates in non-browser software},
  author={Martin Georgiev and Subodh Iyengar and Suman Jana and Rishita Anubhai and Dan Boneh and Vitaly Shmatikov},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2012}
}
SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established. We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant…
Highly Influential
This paper has highly influenced 31 other papers.
Highly Cited
This paper has 363 citations.
Recent Discussions
This paper has been referenced on Twitter 4 times over the past 90 days.