This panel will discuss how to mitigate or prevent active man-in-the-middle attacks that use combinations of social engineering, malware, DNS, and certificate mis-issuance or issuance process compromises involving CAs to compromise SSL sessions on unpatched, misconfigured, or poorly designed systems and trick users into disclosing sensitive information.