posted on Feb, 19 2009 @ 01:26 PM
Interesting. I, for one, have never assumed SSL connections are 'secure', only that they are 'secure enough'.
Let me point out that, from the brief description I read, this is not a crack of SSL encryption. Rather, it is an exploit of
insecurities in the SSL authentication protocol. What's that mean?
Well, the important thing is than an attacker could not simply passively capture network traffic (with a 'sniffer' tool), analyze it, and
then decrypt communications. Instead, they would need to intercept and modify the communications. This is called a
'man-in-the-middle' attack, because the attacker sits in the 'middle' of the communications session, pretending to each side to be the other, in
order to fake a secure session.
Still, with recent DNS redirect exploits as an example, this does not bode well for net security.
Edit: According to the T&C's, discussion of illegal HAxOR-like stuff is against policy. Of course, we're still in the range of valid technical
explanation here, but could a mod please clarify what the line is? This is a valuable thread, imho, and I wouldn't want to see it trashed.
[edit on Feb 19th 2009 by Ian McLean]