Comment Willing to help (Score 1) 102
I'm also a comp sci prof and have played many cybersec ctfs. If you want to have a chat on the phone pm me and I can give some tips.
Best
Gareth
I'm also a comp sci prof and have played many cybersec ctfs. If you want to have a chat on the phone pm me and I can give some tips.
Best
Gareth
The bug is that the cn hostname from the certificate is not verified. So it's possible to use your own website SSL cert as a cert for any other site and Apple devices will accept it no question. Of course, to exploit, you'd need to modify a tool like webmitm to serve a fixed certificate.
Very very dangerous, seems to be a result of switching away from OpenSSL although details are still flaky.
The screen recorder is Camtasia - Linux is running in a VM under Windows.
There are two ways to write error-free programs; only the third one works.