Null-Prefix SSL Attacks Enabled In New sslsniff 48
An anonymous reader writes "Moxie Marlinspike, who recently published new attacks on SSL at Defcon 17, seems to have released the new version of sslsniff which supports these attacks. While the release appears to coincide with a patch from Mozilla, every product that uses the Microsoft CryptoAPI is still vulnerable, including Internet Explorer and Outlook. The new version of sslsniff also supports built-in modes for hijacking software auto-updates that depend on SSL, and apparently includes techniques for defeating OCSP as well — making the elimination of existing null-prefix certificates difficult."
Re:Appears to coincide.. (Score:5, Funny)
English is hard.
Winning combination (Score:5, Funny)
dot your i's and cross your t's (Score:2, Funny)
Is an "atttack" anything like an "attack"?
Re:Winning combination (Score:5, Funny)
Moxie Marlinspike? I thought we had a new Ubuntu release. And I was wondering what happened to the L's.
Re:dot your i's and cross your t's (Score:3, Funny)
Re:New toy (Score:1, Funny)
Re:Appears to coincide.. (Score:5, Funny)
I do, it comes right after "oh-shit-we're-screwed sunday and "pwned monday".
Re:dot your i's and cross your t's (Score:3, Funny)
It's an attack with Mr T in the middle.
You mean it's a man-in-the-middle attack?