Man-In-the-Middle Vulnerability For SSL and TLS

Man-In-the-Middle Vulnerability For SSL and TLS 170

Posted by Soulskill on Thursday November 05, 2009 @10:23AM from the alphabet-soup dept.

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

Man-In-the-Middle Vulnerability For SSL and TLS

This discussion has been archived. No new comments can be posted.

Search 170 Comments Log In/Create an Account

Comments Filter:

We need to invest in Quantum Physics. (Score:5, Funny)

by jellomizer ( 103300 ) writes: on Thursday November 05, 2009 @10:25AM (#29994474)

Only with quantum physics can we actually get a secure data transfer. Or not or both.

web developers (Score:1, Funny)

by chrisranjana.com ( 630682 ) writes: <info@chrisran[ ]a.com ['jan' in gap]> on Thursday November 05, 2009 @10:26AM (#29994486) Homepage

So are these man in middle exploits fixed in the latest Ubuntu release ?

Re:We need to invest in Quantum Physics. (Score:5, Funny)

by PiSkyHi ( 1049584 ) writes: on Thursday November 05, 2009 @10:31AM (#29994530)

Come on moderators, its a joke - Yes, I realise its both funny and not funny at the same time.

Re:We need to invest in Quantum Physics. (Score:0, Funny)

by Anonymous Coward writes: on Thursday November 05, 2009 @10:38AM (#29994610)

Most of the mods here wouldn't get an intelligent joke if it came up and kicked them in the face.
It'd have to kick them in the nuts to be low-brow enough for them to notice.

Its a quantum man in the middle attack (Score:5, Funny)

by Viol8 ( 599362 ) writes: on Thursday November 05, 2009 @10:48AM (#29994750) Homepage

Its the same man in all 3 places.

Re:We need to invest in Quantum Physics. (Score:4, Funny)

by mcgrew ( 92797 ) * writes: on Thursday November 05, 2009 @11:45AM (#29995426) Homepage Journal

Damn you, Quantum Physics!! [angryflower.com]

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Man-In-the-Middle Vulnerability For SSL and TLS 170

Man-In-the-Middle Vulnerability For SSL and TLS More Login

Man-In-the-Middle Vulnerability For SSL and TLS

We need to invest in Quantum Physics. (Score:5, Funny)

web developers (Score:1, Funny)

Re:We need to invest in Quantum Physics. (Score:5, Funny)

Re:We need to invest in Quantum Physics. (Score:0, Funny)

Its a quantum man in the middle attack (Score:5, Funny)

Re:We need to invest in Quantum Physics. (Score:4, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot