It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


SSL security. not so safe!

page: 1

log in


posted on Feb, 19 2009 @ 01:05 PM
Independent hacker Moxie Marlinspike has unveiled new techniques to defeat SSL encryption, which would leave common web applications such as online banking or secure website logins vulnerable to attack.

Would you imagine? this protocol being cracked, that would create total chaos on top of the actual economy chaos


posted on Feb, 19 2009 @ 01:26 PM
Interesting. I, for one, have never assumed SSL connections are 'secure', only that they are 'secure enough'.

Let me point out that, from the brief description I read, this is not a crack of SSL encryption. Rather, it is an exploit of insecurities in the SSL authentication protocol. What's that mean?

Well, the important thing is than an attacker could not simply passively capture network traffic (with a 'sniffer' tool), analyze it, and then decrypt communications. Instead, they would need to intercept and modify the communications. This is called a 'man-in-the-middle' attack, because the attacker sits in the 'middle' of the communications session, pretending to each side to be the other, in order to fake a secure session.

Still, with recent DNS redirect exploits as an example, this does not bode well for net security.

Edit: According to the T&C's, discussion of illegal HAxOR-like stuff is against policy. Of course, we're still in the range of valid technical explanation here, but could a mod please clarify what the line is? This is a valuable thread, imho, and I wouldn't want to see it trashed.

[edit on Feb 19th 2009 by Ian McLean]

posted on Sep, 20 2011 @ 09:54 PM
Barely a peep.

Come on people, this is big.


log in