History of the TLS Authentication Gap bug

March 10, 2010 (at 1:30 p.m.) in Attack & Research

A serious security flaw was recently found in TLS, dating back to the mid-90′s. How did this happen, why didn’t anyone catch it, why is it so hard to fix, and what can we do to prevent it going forward? The speakers will also discuss the relative merits of various mitigations and the IETF’s proposed solution.

Steve Dispensa

Steve is the Chief Technology Officer and co-founder of PhoneFactor, a provider of phone-based authentication services. Steve is a regular speaker and writer on issues surrounding authentication.

Marsh Ray

Marsh Ray is a Software Development Engineer at PhoneFactor, Inc., a maker of two-factor authentication software, where he is responsible for security software development.