“It is striking that despite 30 years of cryptographic research, no-one has noticed this problem before. It has been hiding in plain sight all along.” Commented Professor of Security Engineering, Ross Anderson, after Svenda’s presentation at the University of Cambridge.
Apparently there is a major problem with https keys leaking information about your security management. This includes tools and methods used.
Check the article for more information.
Your HTTPS Certificate Shows Where Its Key Comes From
We have extended the original research and can now use information from public keys (HTTPS, TLS, SSH, SSL) to audit cyber security management and compliance with internal standards. This post is about our application of a research I blogged about earlier – Investigating The Origins of RSA Public Keys.