[cabfpub] Brazilian bank DNS heist
Gervase Markham
gerv at mozilla.org
Mon Apr 10 14:02:13 UTC 2017
On 10/04/17 07:29, Richard Wang via Public wrote:
> As far as I know, for Internet banking security in China, some banks
> developed their own client software so that they don’t use a browser, and
> the important internal communication uses IP address + SSL certificate, and
> the SSL certificate is issued by the bank’s own CA. This will solve the DNS
> heist and fake SSL certificate problems.
This is effectively another form of certificate pinning, except with all
the added downsides of running proprietary black-box software.
Gerv
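
The design discussed above (a client that dials a fixed IP address and trusts only the bank's own CA) can be reproduced with the `openssl` command line. This is an added example, not part of the original thread; the CA names, file names and the address 192.0.2.10 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed demo: all names, paths and the address 192.0.2.10 (TEST-NET-1) are made up.

# Create two throwaway CAs ("bank" and "other"); each issues a server
# certificate whose only identity is the IP SAN 192.0.2.10.
make_pki() {  # usage: make_pki <dir>
  local d=$1 ca
  printf 'subjectAltName=IP:192.0.2.10\n' > "$d/ext.cnf"
  for ca in bank other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca demo CA" \
      -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$ca server" \
      -keyout "$d/$ca-srv.key" -out "$d/$ca-srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$ca-srv.csr" -CA "$d/$ca-ca.pem" \
      -CAkey "$d/$ca-ca.key" -CAcreateserial -days 1 \
      -extfile "$d/ext.cnf" -out "$d/$ca-srv.pem" 2>/dev/null || return 1
  done
}

# Client-side check: the chain must end at the pinned CA file (the default
# CA directory is not consulted) and the certificate must name the IP
# address the client dialled. DNS plays no part in the decision.
check_pinned() {  # usage: check_pinned <pinned-ca.pem> <ip> <server-cert.pem>
  openssl verify -no-CApath -CAfile "$1" -verify_ip "$2" "$3" >/dev/null 2>&1
}

# Walk through the three cases when run directly.
d=$(mktemp -d) && make_pki "$d" && {
  check_pinned "$d/bank-ca.pem" 192.0.2.10 "$d/bank-srv.pem" \
    && echo "bank-issued cert for dialled IP: accepted"
  check_pinned "$d/bank-ca.pem" 192.0.2.10 "$d/other-srv.pem" \
    || echo "same IP, cert from another CA: rejected"
  check_pinned "$d/bank-ca.pem" 192.0.2.11 "$d/bank-srv.pem" \
    || echo "bank-issued cert, different IP: rejected"
}
rm -rf "$d"
```

The pin here is the CA file shipped with the client, so rotating or replacing that CA means shipping a new client.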