pvaneynd: (Default)
They discovered a "Man In The Middle" attack again TLS (or the older SSL): during renegotiation one can insert data into the stream. See this excellent article for an example.

The good part is that this requires that you can intercept the traffic between you and the server. The bad news is that this is relatively easy to do in many environments (public wifi, PC's on a hub/cheap switch etc). The major bad news is that this is not an implementation bug but an error in the specification, so expect everybody who uses SSL/TLS to be vulnerable and to update their products...

Interesting times indeed.
pvaneynd: (Default)
http://kuix.de/sslhazard/sslhazard.php

Yes, I browse to billions of self-signed https sites every day so I needed this...

Profile

pvaneynd: (Default)
pvaneynd

March 2017

S M T W T F S
   1234
567891011
12131415 161718
19202122232425
26272829 3031 

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 18th, 2017 09:54 pm
Powered by Dreamwidth Studios