Null-Prefix SSL Attacks Enabled In New sslsniff

Slashdot is powered by your submissions, so send in your scoop

Null-Prefix SSL Attacks Enabled In New sslsniff 48

Posted by timothy on Tuesday August 04, 2009 @09:53AM from the ready-or-not-here-it-comes dept.

An anonymous reader writes "Moxie Marlinspike, who recently published new attacks on SSL at Defcon 17, seems to have released the new version of sslsniff which supports these attacks. While the release appears to coincide with a patch from Mozilla, every product that uses the Microsoft CryptoAPI is still vulnerable, including Internet Explorer and Outlook. The new version of sslsniff also supports built-in modes for hijacking software auto-updates that depend on SSL, and apparently includes techniques for defeating OCSP as well — making the elimination of existing null-prefix certificates difficult."

This discussion has been archived. No new comments can be posted.

Null-Prefix SSL Attacks Enabled In New sslsniff

Search 48 Comments Log In/Create an Account

Comments Filter:

Re:Appears to coincide.. (Score:5, Funny)

by sys.stdout.write ( 1551563 ) writes: on Tuesday August 04, 2009 @10:11AM (#28940557)

And by "fixed the patch" I mean "I'm retarded".

English is hard.

Parent Share
twitter facebook
Winning combination (Score:5, Funny)

by Norsefire ( 1494323 ) * writes: on Tuesday August 04, 2009 @10:11AM (#28940567) Journal

Excellent technical skills, interest in hacking and a name that no security department will take seriously.

Share
twitter facebook
dot your i's and cross your t's (Score:2, Funny)

by kronosopher ( 1531873 ) writes: <celeron@@@netolith...com> on Tuesday August 04, 2009 @10:26AM (#28940767) Homepage

.. even extra unnecessary ones.

Is an "atttack" anything like an "attack"?

Share
twitter facebook
Re:Winning combination (Score:5, Funny)

by MyLongNickName ( 822545 ) writes: on Tuesday August 04, 2009 @10:30AM (#28940819) Journal

Moxie Marlinspike? I thought we had a new Ubuntu release. And I was wondering what happened to the L's.

Parent Share
twitter facebook
Re:dot your i's and cross your t's (Score:3, Funny)

by TheRaven64 ( 641858 ) writes: on Tuesday August 04, 2009 @10:48AM (#28941041) Journal

It's an attack with Mr T in the middle.

Parent Share
twitter facebook
Re:New toy (Score:1, Funny)

by Anonymous Coward writes: on Tuesday August 04, 2009 @10:55AM (#28941163)

Have you tried a vibrating butt plug?

Parent Share
twitter facebook
Re:Appears to coincide.. (Score:5, Funny)

by mrsteveman1 ( 1010381 ) writes: on Tuesday August 04, 2009 @11:03AM (#28941309)

I do, it comes right after "oh-shit-we're-screwed sunday and "pwned monday".

Parent Share
twitter facebook
Re:dot your i's and cross your t's (Score:3, Funny)

by Ironica ( 124657 ) writes: <pixel@bo o n d o c k.org> on Tuesday August 04, 2009 @03:50PM (#28946447) Journal

It's an attack with Mr T in the middle.
You mean it's a man-in-the-middle attack?

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Null-Prefix SSL Attacks Enabled In New sslsniff 48

Null-Prefix SSL Attacks Enabled In New sslsniff More Login

Null-Prefix SSL Attacks Enabled In New sslsniff

Re:Appears to coincide.. (Score:5, Funny)

Winning combination (Score:5, Funny)

dot your i's and cross your t's (Score:2, Funny)

Re:Winning combination (Score:5, Funny)

Re:dot your i's and cross your t's (Score:3, Funny)

Re:New toy (Score:1, Funny)

Re:Appears to coincide.. (Score:5, Funny)

Re:dot your i's and cross your t's (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot