imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without...
from slashdot on Thu, Nov 05 2009
see also:
| 23 Dec 08 | Perfect MITM Attacks With No-Check SSL Certs » slashdot StartCom writes "In a previous article I reported about Man-In-The-Middle attacks and spotlighted an example showing that they really happen. MITM attacks just got easier. In the attack described previously, untrusted certificates from an unknown issuer... |
| 18 Aug 08 | Why One-time Passwords Suck For MITM Attacks » slashdot whitehartstag writes "Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you... |
| 07 Oct 09 | Null-Prefix SSL Certificate For PayPal Released » slashdot An anonymous reader writes "Nine weeks after Moxie Marlinspike presented at Defcon 17, null-prefix certificates that exploit the SSL certificate vulnerability are beginning to appear. Yesterday, someone posted a null-prefix certificate for www.paypal.com... |
| 05 Oct 08 | Encrypted Images Vulnerable To New Attack » slashdot rifles only writes "A German techie has found a remarkably simple way to discern some of the content of encrypted volumes containing images. The encrypted images don't reveal themselves totally, but in many cases do let an attacker see the outline of a... |
| 02 Dec 07 | MD5 Proven Ineffective for App Signatures » slashdot prostoalex writes "Marc Stevens, Arjen K. Lenstra, and Benne de Weger have released their paper 'Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5'. It describes a reproducible attack on MD5 algorithms... |