iTWire - SSL, TLS vulnerable to publicly-disclosed attack

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

SSL, TLS vulnerable to publicly-disclosed attack

SSL, TLS vulnerable to publicly-disclosed attack

E-mail

by Stephen Withers
Friday, 06 November 2009
Page 1 of 2 A serious flaw has been discovered in the SSL (Secure Sockets Layer) protocol used to protect data in transit across the Internet. Are your Internet banking transactions at risk? Featured Whitepaper 5 Best Practices for Smartphone Support Security researchers at PhoneFactor have identified a flaw in SSL - not in implementations of SSL, but in the protocol itself. The flaw makes it possible to execute a man-in-the-middle attack, which involves a third party inserting itself between (eg) the browser and the server to intercept and possibly modify the data flowing across the link without revealing its presence. There is also potential for fraudulently reusing intercepted credentials. PhoneFactor's Marsh Ray and Steve Dispensa discovered the flaw in August, and privately disclosed it to a vendor working group and representatives of the Internet Engineering Task Force in late September. The group determined how to address the underlying problem and formulated a set of methods to mitigate the problem. Since implementation of the agreed plan would take time, PhoneFactor volunteered to delay public disclosure until early 2010. However, SAP's Martin Rex also discovered the vulnerability while examining client certificate authentication by Microsoft's Internet Information Services (IIS) and made it public this week in a message to the mailing list of the IETF's Transport Layer Security (TLS) working group. (SSL evolved into TLS; the older term is used here are iTWire believes it will be more familiar to most readers. All previously published versions of TLS and SSL are vulnerable.) CONTINUED << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking