Now that SSL has been cracked, watch out

For discussions about security.
Post Reply
Message
Author
scsijon
Posts: 1596
Joined: Thu 24 May 2007, 03:59
Location: the australian mallee
Contact:

Now that SSL has been cracked, watch out

#1 Post by scsijon »

passing on from Opensuse, think this is the appropriate area.

regards
scsijon

-------------------------

Ever since rumors started to spread about Thai Duong and Juliano Rizzo's BEAST attack against SSL/TLS <http://www.infoworld.com/t/security/red ... ked-174025>, onlookers have fretted as to just how serious a threat it poses. In a nutshell, the attack is serious -- though for the time being, it's difficult to pull off because a would-be attacker has to work pretty hard to ensure that the target meets multiple preconditions. Unfortunately, the tools to pull off the attack are certain to evolve -- and many IT organizations aren't even taking the simple, necessary steps to protect themselves today.

The mere fact that the attack can be successful at all is significant. SSL/TLS is a VPN technology. VPNs are, by definition, supposed to keep your information safe even when it's being transmitted via an insecure network medium and a malicious party can intercept your protected traffic. The BEAST attack somewhat breaks SSL/TLS's VPN protections. In this sense, it's fairly important. With the right preconditions, a cyber criminal can steal your protected HTTPS cookie, which then essentially allows him or her to highjack your active HTTPS session. Make no mistake about it: The BEAST attack works as claimed.

[More]

http://www.infoworld.com/d/security/now ... 2011-10-04

--
You can always count on Americans to do the right thing - after they've tried everything else.
Sir Winston Churchill

--

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#2 Post by nooby »

Good you told us about this.
I use Google Search on Puppy Forum
not an ideal solution though

Post Reply