Puppy Linux Discussion Forum

[scsijon]

passing on from Opensuse, think this is the appropriate area.

regards
scsijon

-------------------------

Ever since rumors started to spread about Thai Duong and Juliano Rizzo's BEAST attack against SSL/TLS <http://www.infoworld.com/t/security/red-alert-https-has-been-hacked-174025>, onlookers have fretted as to just how serious a threat it poses. In a nutshell, the attack is serious -- though for the time being, it's difficult to pull off because a would-be attacker has to work pretty hard to ensure that the target meets multiple preconditions. Unfortunately, the tools to pull off the attack are certain to evolve -- and many IT organizations aren't even taking the simple, necessary steps to protect themselves today.

The mere fact that the attack can be successful at all is significant. SSL/TLS is a VPN technology. VPNs are, by definition, supposed to keep your information safe even when it's being transmitted via an insecure network medium and a malicious party can intercept your protected traffic. The BEAST attack somewhat breaks SSL/TLS's VPN protections. In this sense, it's fairly important. With the right preconditions, a cyber criminal can steal your protected HTTPS cookie, which then essentially allows him or her to highjack your active HTTPS session. Make no mistake about it: The BEAST attack works as claimed.

[More]

http://www.infoworld.com/d/security/now-ssl-has-been-cracked-watch-out-174852?source=IFWNLE_nlt_sec_2011-10-04

--
You can always count on Americans to do the right thing - after they've tried everything else.
Sir Winston Churchill

--

[nooby]

Good you told us about this.