Subscribe via RSS Feed Connettisi su LinkedIn Le mie foto su Flickr

Abbiate. Molta. Paura. MITM-SSL

[ 2 ] 05/11/2009 | Matteo G.P. Flora

Brr.

“The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an ‘authentication gap’ exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS.”

Pił informazioni qui.

Related posts:

  1. (in)sicurezza: Dove finisce la paura ed inizia Internet
  2. Jingle Bombs e Achmed: io non ho paura del terrorismo!
  3. Verona 24 Febbraio 2006: Privacy, ovvero come vincere la paura del 31 marzo
  4. Abbiate pazienza…
  5. Linuxpersec2 a Verona (16/17 Giugno)

Condividi:
facebook twitter delicious google digg reddit technorati su buzz mixx myspace

Tags: , ,

Categoria: Security and Intelligence

Comments (2)

Trackback URL | Feed dei commenti

  1. Tweets that mention Abbiate. Molta. Paura. MITM-SSL | LastKnight.com -- Topsy.com says:
    05/11/2009 at 11:05 pm

    [...] This post was mentioned on Twitter by Matteo G.P. Flora, white-rabbit. white-rabbit said: RT @lastknight Abbiate. Molta. Paura. MITM-SSL http://ff.im/-b2JEc [...]

  2. Pierluigi says:
    06/11/2009 at 11:20 am

    E ora? Niente pił web-banking… :(

Lascia un commento




Se vuoi visualizzare la tua foto con il commento vai a Gravatar.