It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SSL security. not so safe!
page: 10
share:
Independent hacker Moxie Marlinspike has unveiled new techniques to defeat SSL encryption, which would leave common web applications such as online
banking or secure website logins vulnerable to attack.
Would you imagine? this protocol being cracked, that would create total chaos on top of the actual economy chaos
Source: www.itpro.co.uk...
Would you imagine? this protocol being cracked, that would create total chaos on top of the actual economy chaos
Source: www.itpro.co.uk...
Interesting. I, for one, have never assumed SSL connections are 'secure', only that they are 'secure enough'.
Let me point out that, from the brief description I read, this is not a crack of SSL encryption. Rather, it is an exploit of insecurities in the SSL authentication protocol. What's that mean?
Well, the important thing is than an attacker could not simply passively capture network traffic (with a 'sniffer' tool), analyze it, and then decrypt communications. Instead, they would need to intercept and modify the communications. This is called a 'man-in-the-middle' attack, because the attacker sits in the 'middle' of the communications session, pretending to each side to be the other, in order to fake a secure session.
Still, with recent DNS redirect exploits as an example, this does not bode well for net security.
Edit: According to the T&C's, discussion of illegal HAxOR-like stuff is against policy. Of course, we're still in the range of valid technical explanation here, but could a mod please clarify what the line is? This is a valuable thread, imho, and I wouldn't want to see it trashed.
[edit on Feb 19th 2009 by Ian McLean]
Let me point out that, from the brief description I read, this is not a crack of SSL encryption. Rather, it is an exploit of insecurities in the SSL authentication protocol. What's that mean?
Well, the important thing is than an attacker could not simply passively capture network traffic (with a 'sniffer' tool), analyze it, and then decrypt communications. Instead, they would need to intercept and modify the communications. This is called a 'man-in-the-middle' attack, because the attacker sits in the 'middle' of the communications session, pretending to each side to be the other, in order to fake a secure session.
Still, with recent DNS redirect exploits as an example, this does not bode well for net security.
Edit: According to the T&C's, discussion of illegal HAxOR-like stuff is against policy. Of course, we're still in the range of valid technical explanation here, but could a mod please clarify what the line is? This is a valuable thread, imho, and I wouldn't want to see it trashed.
[edit on Feb 19th 2009 by Ian McLean]
new topics
-
Remember These Attacks When President Trump 2.0 Vengeance-Retribution Commences.
2024 Elections: 18 minutes ago -
Predicting The Future: The Satanic Temple v. Florida
Conspiracies in Religions: 26 minutes ago -
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 2 hours ago -
Hurt my hip; should I go see a Doctor
General Chit Chat: 3 hours ago -
Israel attacking Iran again.
Middle East Issues: 4 hours ago -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 4 hours ago -
When an Angel gets his or her wings
Religion, Faith, And Theology: 5 hours ago -
Comparing the theology of Paul and Hebrews
Religion, Faith, And Theology: 6 hours ago -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 7 hours ago -
Boston Dynamics say Farewell to Atlas
Science & Technology: 7 hours ago
0