pvaneynd: (Default)
They discovered a "Man In The Middle" attack again TLS (or the older SSL): during renegotiation one can insert data into the stream. See this excellent article for an example.

The good part is that this requires that you can intercept the traffic between you and the server. The bad news is that this is relatively easy to do in many environments (public wifi, PC's on a hub/cheap switch etc). The major bad news is that this is not an implementation bug but an error in the specification, so expect everybody who uses SSL/TLS to be vulnerable and to update their products...

Interesting times indeed.
pvaneynd: (Default)
http://kuix.de/sslhazard/sslhazard.php

Yes, I browse to billions of self-signed https sites every day so I needed this...

Profile

pvaneynd: (Default)
pvaneynd

October 2015

S M T W T F S
    123
45678910
11121314151617
1819202122 2324
25262728293031

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 28th, 2017 09:55 am
Powered by Dreamwidth Studios