What stops someone from MITM-attacking the request to the certificate authority to verify the certificate? Does the browser come pre-loaded with the public keys of the trusted certificate authorities (thereby providing authentication)?
Whenever I think about MITM attacks, I think that any defence requires a "safe" connection to be established for authentication, and that the initial establishment of any "safe" connection always seems to be subject to a MITM attack itself. So, for example, if the public keys of the trusted certificate authorities above are indeed distributed with the browser, the distribution of the browser would be subject to MITM attacks. As I understand it, even if you physically handed someone a public key / certificate / anything on a piece of paper, you had better know them from elsewhere; otherwise they could be a MITM.
Do I understand this correctly?
Thanks!