Skip to main content

/ MOBIUS Libraries/ Group items tagged ssl

Group items tagged

Filter: All | Bookmarks | Topics Simple Middle

New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies | thr... - 0 views

threatpost.com/...theft-encrypted-cookies-091911

security ssl hacking

shared by anonymous on 29 Apr 12 - No Cached

- anonymous on 29 Apr 12
  
  It's worth noting that to execute this attack you have to be on the network of your target and have the ability to execute a man in the middle attack.
  
  <div class="cArrow"> </div><div class="cContentInner">It's worth noting that to execute this attack you have to be on the network of your target and have the ability to execute a man in the middle attack.</div>
  
  ...
  
  Cancel
...

Cancel

anonymous on 29 Apr 12

Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.

<div class="cArrow"> </div><div class="cContentInner">Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.</div>

...

Cancel

Survey Finds Secure Sites Not So Secure | threatpost - 0 views

threatpost.com/...ure-sites-not-so-secure-042712

security ssl hacking

shared by anonymous on 29 Apr 12 - No Cached

anonymous on 29 Apr 12

There is quite a bit of alarming data in what the project has gathered, and one of those pieces of information is that more than 148,000 of the sites surveyed are vulnerable to the BEAST attack, which was developed by researchers Juliano Rizzo and Thai Duong and disclosed last year. Their attack uses what's known as a chosen-plaintext attack against the AES implementation in the TLS 1.0 protocol and enables them to use a custom tool they wrote to steal and decrypt supposedly secure HTTPS cookies. The attacker can then hijack the victim's secure SSL session with a site such as an e-commerce site or online banking site.

<div class="cArrow"> </div><div class="cContentInner">There is quite a bit of alarming data in what the project has gathered, and one of those pieces of information is that more than 148,000 of the sites surveyed are vulnerable to the BEAST attack, which was developed by researchers Juliano Rizzo and Thai Duong and disclosed last year. Their attack uses what's known as a chosen-plaintext attack against the AES implementation in the TLS 1.0 protocol and enables them to use a custom tool they wrote to steal and decrypt supposedly secure HTTPS cookies. The attacker can then hijack the victim's secure SSL session with a site such as an e-commerce site or online banking site.</div>

...

Cancel

1 - 2 of 2

Showing 20▼ items per page

Related searches