Re: Can SSL sessions be compromised?
- From: Anne & Lynn Wheeler <lynn@xxxxxxxxxx>
- Date: Fri, 06 Apr 2007 10:13:15 -0600
comphelp@xxxxxxxxx (Todd H.) writes:
Specify a version level of SSL (greater than known-weak SSL v 2.0)
that this applies to, or a specific implementation's flaw, cite
re:
http://www.garlic.com/~lynn/2007g.html#32 Can SSL sessions be compromised?
http://www.garlic.com/~lynn/2007g.html#38 Can SSL sessions be compromised?
SSL is suppose to do two things ... 1) are you really talking to the
webserver that you think you are talking to and 2) hide/encrypt
information during transmission.
the attacks that I'm aware have been with regard to the first item
.... including allowing various kinds of MITM-attacks (as mentioned
in previous posts).
recent post about MITM-attack
http://www.garlic.com/~lynn/aadsm26.htm#47 SSL MITM-attacks make the news
as well blog discussion
THREATWATCH: MITB SPOTTED: MITM OVER SSL FROM WITHIN THE BROWSER
https://financialcryptography.com/mt/archives/000884.html
.
- Follow-Ups:
- Re: Can SSL sessions be compromised?
- From: Todd H.
- Re: Can SSL sessions be compromised?
- References:
- Can SSL sessions be compromised?
- From: Powercat
- Re: Can SSL sessions be compromised?
- From: Anne & Lynn Wheeler
- Re: Can SSL sessions be compromised?
- From: buy
- Re: Can SSL sessions be compromised?
- From: Todd H.
- Can SSL sessions be compromised?
- Prev by Date: Re: Can SSL sessions be compromised?
- Next by Date: Re: Can SSL sessions be compromised?
- Previous by thread: Re: Can SSL sessions be compromised?
- Next by thread: Re: Can SSL sessions be compromised?
- Index(es):
Relevant Pages
|
|
