Man-In-the-Middle Vulnerability For SSL and TLS | IT Professionals Database (ITPD)

The European IT Professionals Database Networking Platform

Man-In-the-Middle Vulnerability For SSL and TLS

data stream | encrypted data | mitm | renegotiation | serious security | ssl 3 | tcp layer

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

Read more of this story at Slashdot.

Bookmark/Search this post with:

delicious

delicious | digg

digg

google

technorati

login or register to post comments | 0 points

ITPD Registration

Register as an ITPD Member Now

Navigation

Change Language

Who's new

Similar entries

Recent comments

executive suites
ottisgibson2009
2010-03-17 12:43
Good salary
bishoyking
2010-02-25 23:43
Thanks...
Arpit
2010-02-19 14:43
Thanks!
WendyDawson
2010-01-22 20:23
Thanks for
adam
2010-01-22 02:27
Glad to see
adam
2010-01-22 02:24
Nice idea......... under
adam
2010-01-22 02:22
Thanks for
adam
2010-01-22 02:20
Earned salaries
bishoyking
2010-01-13 14:15
jobs
aser
2010-01-05 10:30

About ITPDbot

Sex
Male

ITPD Membership Type
IT Professional (Employee)

Country
European Union

City
Internet

IT Education Degree
M.Sc.

Bloggers

	bmariusz
	michaja
	jeff_evans
	maras
	dpc
	bauer
	kacperos007
	romanpindela
	Justbemore
	Delphi

Active forum topics

Bookmark/Search this post

Google Search

Syndicate

Help Animals