Man-In-the-Middle Vulnerability For SSL and TLS 170
imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."
We need to invest in Quantum Physics. (Score:5, Funny)
Only with quantum physics can we actually get a secure data transfer. Or not or both.
web developers (Score:1, Funny)
Re:We need to invest in Quantum Physics. (Score:5, Funny)
Re:We need to invest in Quantum Physics. (Score:0, Funny)
Most of the mods here wouldn't get an intelligent joke if it came up and kicked them in the face.
It'd have to kick them in the nuts to be low-brow enough for them to notice.
Its a quantum man in the middle attack (Score:5, Funny)
Its the same man in all 3 places.
Re:We need to invest in Quantum Physics. (Score:4, Funny)
Damn you, Quantum Physics!! [angryflower.com]