iTWire - HTTPS is broken, browsers have it covered, kinda

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

HTTPS is broken, browsers have it covered, kinda

HTTPS is broken, browsers have it covered, kinda

E-mail

by David Heath
Wednesday, 12 August 2009
Page 1 of 2 A recent research paper shows an unexpected attack on the HTTPS protocol. An attack that can succeed, easily. Featured Whitepaper 5 Best Practices for Smartphone Support This is an attack that has been known by Microsoft researchers for two years – clearly these are people who know how to keep a secret! During those two years, they have been in discussion with all major browser developers in order to address the identified issues. What does it mean? Essentially, the padlock on the browser can easily be picked, and without a patched browser, you'd never know. The good news? Most browsers have fixed the problem. The bad news? The researchers are quite sure that there is more to the general category of attack than they have identified to date. The research paper is available here. Quoting from the paper: "This work was finished in July 2007, except for the paper writing and the vulnerability testing on the Google Chrome browser released in beta in Sept. 2008. The paper submission has been withheld until this conference." The conference mentioned being IEEE S&P '09. The paper describes five major categories of vulnerability, four of which can reasonably described as being the domain of the browser. At the time of publishing, the two obvious issues have been addressed by all major browsers, however, of the others, few browser teams have done more than acknowledge the problems. The final vulnerability, based on the theft of authentication cookies is generally considered to be outside the domain of browsers and thus must be addressed at the website level. So, what exactly is the attack? Read on… << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

Organisational Change Manager
ASP.Net Mid Level Web Developer (S24)
Business Analyst (M17)
VB.Net Senior AP - PERM
Contracts Manager, 4 days per week
SAP Operational Support Consultant
SAP SD Functional Consultant
Oracle DBA
Data Analyst / Reports & Admin Consultant (Q4)
Senior UI/UX Developer - 100K +

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking