BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:cb41b14b-2d60-4402-bb4e-6392e9cec2aa
DTSTAMP:20260420T134418Z
SUMMARY:STARTTLS is Dangerous
DESCRIPTION:The STARTTLS mechanism allows upgrading insecure protocols to a
  TLS encrypted connection. This mechanism is incredibly fragile and almost
  by default leads to vulnerable implementations. In 2011 Wietse Venema dis
 covered a flaw in Postfix that allowed a man in the middle attacker to inj
 ect commands into an encrypted connection [1].\n\nWe discovered that the f
 law is still widely present in E-Mail servers and also\, previously unknow
 n\, the same flaw exists in many mail clients. In some cases these flaws a
 llow stealing E-Mail credentials. Furthermore the STARTTLS mechanism is we
 akly specified and in part contradictory\, which allows other attacks.\n\n
 The talk will give an overview on why STARTTLS is dangerous and should be 
 avoided.\n\nSpeaker(s): Hanno Böck\n\nLocation: Crypto & Privacy Vlg\n\nD
 iscord: https://discord.com/channels/708208267699945503/732734002011832320
 \n\nEvent starts: 2020-08-07 10:00 (10:00 AM) PDT (UTC -07:00)\n\nEvent en
 ds: 2020-08-07 11:00 (11:00 AM) PDT (UTC -07:00)\n\nFor the most up-to-dat
 e information\, please either visit https://info.defcon.org\, or use Hacke
 rTracker\, which is available for iOS and Android. This is an automated me
 ssage\, and this data was last modified 2020-07-30T05:21 (UTC).
URL:https://forum.defcon.org/node/234170
DTSTART:20200807T180000Z
DTEND:20200807T190001Z
LOCATION:Crypto & Privacy Vlg
END:VEVENT
END:VCALENDAR