How important is SSL in security, Zeev Glozman
Thursday Zeev Glozman, Founder and CEO at Beame.io, performed a talk at Infosecuirty Europe 2016. The talk, called “Why We Turned the Mobile into an HTTPS Server and How You Can Use It Today”, focused on the changes to SSL and how Beame.io have been working to bring cheap and affordable SSL certificate access to the masses.
From the start it was obvious that Zeev was very passionate about what he was talking about, immediately going through in detail the history of SSL and how it has drastically changed over the years. Throughout the talk Zeev’s focus moved towards how Beame.io offered a platform for individuals to set up their own publicly trusted SSL certificates. He continued by stating that the platform functions as a server, generates keys on the platform and are all signed publicly and trusted. One of the main selling points for such a platform was the fact that it was open source, Zeev commented:
I wouldn’t implement anything like this that I couldn’t see the code for. I’m not keen in trusting closed code solutions… [This has the potential to be] a password killer that has a reasonable shot. How is this different? We keep no credentials, it’s encrypted end to end and has a compartmentalized environment… Affordable and cheap access to SSL certificates is key”
Zeev closed his talk by talking about the current threat landscape and bringing attention to attack vectors that are only present due to security measures being put in place. An example of this was companies implementing SSL decrypters to analyse traffic and in turn opening that data to man in the middle attacks. He closed his talk with this comment:
We put things in the way and they became attack vectors.