Man-In-the-Middle Vulnerability For SSL and TLS - Slashdot

Slashdot

Man-In-the-Middle Vulnerability For SSL and TLS 170

Posted by Soulskill on Thursday November 05 2009, @10:23AM
from the alphabet-soup dept.

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

This discussion has been archived. No new comments can be posted.

Man-In-the-Middle Vulnerability For SSL and TLS

Search 170 Comments Log In/Create an Account

Comments Filter:

We need to invest in Quantum Physics. (Score:5, Funny)

by jellomizer (103300) writes: on Thursday November 05 2009, @10:25AM (#29994474)

Only with quantum physics can we actually get a secure data transfer. Or not or both.

Share
twitter facebook
web developers (Score:1, Funny)

by chrisranjana.com (630682) writes: <(moc.liamg) (ta) (444rehpotsirhc)> on Thursday November 05 2009, @10:26AM (#29994486) Homepage

So are these man in middle exploits fixed in the latest Ubuntu release ?

Share
twitter facebook
Re:We need to invest in Quantum Physics. (Score:5, Funny)

by PiSkyHi (1049584) writes: on Thursday November 05 2009, @10:31AM (#29994530)

Come on moderators, its a joke - Yes, I realise its both funny and not funny at the same time.

Parent Share
twitter facebook
Re:We need to invest in Quantum Physics. (Score:0, Funny)

by Anonymous Coward writes: on Thursday November 05 2009, @10:38AM (#29994610)

Most of the mods here wouldn't get an intelligent joke if it came up and kicked them in the face.
It'd have to kick them in the nuts to be low-brow enough for them to notice.

Parent Share
twitter facebook
Its a quantum man in the middle attack (Score:5, Funny)

by Viol8 (599362) writes: on Thursday November 05 2009, @10:48AM (#29994750)

Its the same man in all 3 places.

Parent Share
twitter facebook
Re:We need to invest in Quantum Physics. (Score:4, Funny)

by mcgrew (92797) * writes: on Thursday November 05 2009, @11:45AM (#29995426) Journal

Damn you, Quantum Physics!! [angryflower.com]

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

473 commentsYour Passwords Don't Suck — It's Your Policies
418 commentsFBI Says American Universities Infiltrated by Spies
391 commentsAdobe Introduces the Paid Security Fix
343 commentsSymantec: Religious Sites "Riskier Than Porn For Viruses"
333 commentsOsama Bin Laden Didn't Encrypt His Files

Use the Force, Luke.